├── Makefile
├── SHA2.circuit
├── SHA2.pinocchio
├── SHA2.program
├── circuitify.py
├── jubjub-12.circuit
├── jubjub-12.program
├── jubjub-1536.circuit
├── jubjub-1536.program
├── jubjub-192.circuit
├── jubjub-192.program
├── jubjub-24.circuit
├── jubjub-24.program
├── jubjub-3.circuit
├── jubjub-3.program
├── jubjub-3072.circuit
├── jubjub-3072.program
├── jubjub-384.circuit
├── jubjub-384.program
├── jubjub-48.circuit
├── jubjub-48.program
├── jubjub-6.circuit
├── jubjub-6.program
├── jubjub-768.circuit
├── jubjub-768.program
├── jubjub-96.circuit
├── jubjub-96.program
├── jubjub.circuit
├── jubjub.sage
├── merkle-1.program
├── merkle-10.program
├── merkle-11.program
├── merkle-12.program
├── merkle-13.program
├── merkle-14.program
├── merkle-15.program
├── merkle-16.program
├── merkle-17.program
├── merkle-18.program
├── merkle-19.program
├── merkle-2.program
├── merkle-20.program
├── merkle-21.program
├── merkle-22.program
├── merkle-23.program
├── merkle-24.program
├── merkle-25.program
├── merkle-26.program
├── merkle-27.program
├── merkle-28.program
├── merkle-29.program
├── merkle-3.program
├── merkle-30.program
├── merkle-4.program
├── merkle-5.program
├── merkle-6.program
├── merkle-7.program
├── merkle-8.program
├── merkle-9.program
└── pinocchio.py


/Makefile:
--------------------------------------------------------------------------------
 1 | SAGE := /opt/SageMath/sage
 2 | 
 3 | jubjub-%.program: jubjub.sage
 4 | 	$(SAGE) $< $* >$@
 5 | 
 6 | jubjub-%.circuit: jubjub-%.program circuitify.py
 7 | 	./circuitify.py <$< >$@
 8 | 
 9 | jubjub-circuits: jubjub-3.circuit jubjub-6.circuit jubjub-12.circuit jubjub-24.circuit jubjub-48.circuit jubjub-96.circuit jubjub-192.circuit jubjub-384.circuit jubjub-768.circuit jubjub-1536.circuit jubjub-3072.circuit
10 | 


--------------------------------------------------------------------------------
/circuitify.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/python3
  2 | 
  3 | import re
  4 | import sys
  5 | import time
  6 | import random
  7 | 
  8 | MODULUS = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
  9 | COST_SCALAR_MUL = 5
 10 | COST_SCALAR_NEG = 2
 11 | COST_SCALAR_COPY = 1
 12 | 
 13 | def equation_cost(var):
 14 |     if len(var) == 0:
 15 |         return 0
 16 |     total = 0
 17 |     negs = dict()
 18 |     counts = dict()
 19 |     high = 0
 20 |     for name, val in var.items():
 21 |         total += 1
 22 |         negate = 0
 23 |         if MODULUS - val < val:
 24 |             val = MODULUS - val
 25 |             negate = 1
 26 |         if val in counts:
 27 |             counts[val] += 1
 28 |             negs[val] += negate
 29 |         else:
 30 |             counts[val] = 1
 31 |             negs[val] = negate
 32 |         if counts[val] > high:
 33 |             high = val
 34 |     plus_one = max(negs[high], counts[high] - negs[high])
 35 |     neg_one = counts[high] - plus_one
 36 |     return COST_SCALAR_MUL * (total - plus_one - neg_one) + COST_SCALAR_NEG * neg_one + COST_SCALAR_COPY
 37 | 
 38 | def modinv(n):
 39 |     assert(n != 0)
 40 |     return pow(n, MODULUS - 2, MODULUS)
 41 | 
 42 | class Linear:
 43 |     def __init__(self, real, const, *args):
 44 |         self.const = const % MODULUS
 45 |         self.real = real % MODULUS
 46 |         var = dict()
 47 |         for (name, val) in args:
 48 |             val = val % MODULUS
 49 |             if val == 0:
 50 |                 continue
 51 |             if name not in var:
 52 |                 var[name] = val
 53 |             else:
 54 |                 cval = (var[name] + val) % MODULUS
 55 |                 if cval != 0:
 56 |                     var[name] = cval
 57 |                 else:
 58 |                     del var[name]
 59 |         self.var = var
 60 |         self.cost = equation_cost(var)
 61 | 
 62 |     def __str__(self):
 63 |         terms = []
 64 |         for (name, val) in self.var.items():
 65 |             if val == 1:
 66 |                 terms.append(name)
 67 |             elif (val + 1) % MODULUS == 0:
 68 |                 terms.append("-%s" % name)
 69 |             elif (MODULUS - val < 10000):
 70 |                 terms.append("-%i*%s" % (MODULUS - val, name))
 71 |             else:
 72 |                 terms.append("%i*%s" % (val, name))
 73 |         if not terms or self.const != 0:
 74 |             if MODULUS - self.const < 10000:
 75 |                 terms.append("-%i" % (MODULUS - self.const))
 76 |             else:
 77 |                 terms.append("%i" % self.const)
 78 |         return " + ".join(terms)
 79 | 
 80 |     def is_const(self):
 81 |         return len(self.var) == 0
 82 | 
 83 |     def get_const(self):
 84 |         assert(self.is_const())
 85 |         assert(self.const == self.real)
 86 |         return self.const
 87 | 
 88 |     def get_real(self):
 89 |         return self.real
 90 | 
 91 |     def __add__(self, other):
 92 |         return Linear((self.real + other.real) % MODULUS, (self.const + other.const) % MODULUS, *(list(self.var.items()) + list(other.var.items())))
 93 | 
 94 |     def __sub__(self, other):
 95 |         return Linear((self.real + MODULUS - other.real) % MODULUS, (self.const + MODULUS - other.const) % MODULUS, *(list(self.var.items()) + [(name, MODULUS - val) for (name, val) in other.var.items()]))
 96 | 
 97 |     def __mul__(self, val):
 98 |         return Linear(self.real * val, self.const * val, *[(name, v * val) for (name, v) in self.var.items()])
 99 | 
100 |     def __div__(self, val):
101 |         if val == 0:
102 |             raise Exception("Division by zero")
103 |         inv = modinv(val)
104 |         return Linear(self.real * inv, self.const * inv, *[(name, v * inv) for (name, v) in self.var.items()])
105 | 
106 |     def __eq__(self, other):
107 |         return self.const == other.const and self.var == other.var
108 | 
109 |     def __lt__(self, other):
110 |         if self.const < other.const: return True
111 |         if self.const > other.const: return False
112 |         return self.__str__() < other.__str__()
113 | 
114 | temp_count = 0
115 | mul_count = 0
116 | mul_data = []
117 | cache = dict()
118 | varset = dict()
119 | eqs = []
120 | 
121 | 
122 | def clean_expr(s):
123 |     s = s.strip()
124 |     if s == "" or s[0] != '(' or s[-1] != ')':
125 |         return s
126 |     depth = 1
127 |     for i in range(1, len(s) - 1):
128 |         if s[i] == '(':
129 |             depth += 1
130 |         elif s[i] == ')':
131 |             depth -= 1
132 |             if depth == 0:
133 |                 return s
134 |     return clean_expr(s[1:-1])
135 | 
136 | VAR_RE = re.compile('[A-Za-z_][0-9a-zA-Z_]*')
137 | SECRET_RE = re.compile('#(-?[0-9]+)')
138 | NUM_RE = re.compile('[0-9]+')
139 | 
140 | def split_expr_binary(s, ops):
141 |     i = 1
142 |     depth = 0
143 |     for i in range(len(s), 1, -1):
144 |         if s[i - 1] == ')':
145 |             depth += 1
146 |         elif s[i - 1] == '(':
147 |             depth -= 1
148 |         elif depth == 0:
149 |             for op in ops:
150 |                 if i - len(op) >= 1 and s[i-len(op):i] == op:
151 |                     return (clean_expr(s[:i-len(op)]), op, clean_expr(s[i:]))
152 |     return None
153 | 
154 | def new_mul(vall, valr):
155 |     global mul_count
156 |     global mul_data
157 |     mul_data.append((vall % MODULUS, valr % MODULUS, (vall * valr) % MODULUS))
158 |     ret = (Linear(vall, 0, ("L%i" % mul_count, 1)), Linear(valr, 0, ("R%i" % mul_count, 1)), Linear(vall * valr, 0, ("O%i" % mul_count, 1)))
159 |     mul_count += 1
160 |     return ret
161 | 
162 | def new_temp(val):
163 |     global temp_count
164 |     ret = Linear(val, 0, ("T%i" % temp_count, 1))
165 |     temp_count += 1
166 |     return ret
167 | 
168 | def new_const(val):
169 |     return Linear(val, val)
170 | 
171 | def new_multiplication(l, r):
172 |     global cache
173 |     global eqs
174 |     global varset
175 |     if l.is_const():
176 |         return r * l.get_const()
177 |     if r.is_const():
178 |         return l * r.get_const()
179 |     if r < l:
180 |         (l, r) = (r, l)
181 |     key = "%s {*} %s" % (l, r)
182 |     if key in cache:
183 |         return cache[key]
184 |     lv, rv, ret = new_mul(l.get_real(), r.get_real())
185 | #    for var in varset:
186 | #        if varset[var] == l:
187 | #            varset[var] = lv
188 | #        if varset[var] == r:
189 | #            varset[var] = rv
190 |     assert(l.get_real() == lv.get_real())
191 |     assert(r.get_real() == rv.get_real())
192 |     eqs.append(l - lv)
193 |     eqs.append(r - rv)
194 |     cache[key] = ret
195 |     return ret
196 | 
197 | def new_division(l, r):
198 |     global cache
199 |     global eqs
200 |     global varset
201 |     if r.is_const():
202 |         return l / r.get_const()
203 |     key = "%s {/} %s" % (l, r)
204 |     if key in cache:
205 |         return cache[key]
206 |     ret, rv, lv = new_mul(l.get_real() * modinv(r.get_real()), r.get_real())
207 | #    for var in varset:
208 | #        if varset[var] == l:
209 | #            varset[var] = lv
210 | #        if varset[var] == r:
211 | #            varset[var] = rv
212 |     assert(l.get_real() == lv.get_real())
213 |     assert(r.get_real() == rv.get_real())
214 |     eqs.append(l - lv)
215 |     eqs.append(r - rv)
216 |     cache[key] = ret
217 |     return ret
218 | 
219 | def new_xor(l, r):
220 |     return l + r - new_multiplication(l, r) * 2
221 | 
222 | def parse_expression(s):
223 |     global cache
224 |     global eqs
225 |     global varset
226 |     s = clean_expr(s)
227 |     if s == "":
228 |         raise Exception("Empty expression")
229 |     sp = split_expr_binary(s, ["^"])
230 |     if sp:
231 |         (left, op, right) = sp
232 |         l = parse_expression(left)
233 |         r = parse_expression(right)
234 |         ret = new_xor(l, r)
235 |         assert(ret.get_real() == l.get_real() ^ r.get_real())
236 |         return ret
237 |     sp = split_expr_binary(s, ["+", "-"])
238 |     if sp:
239 |         (left, op, right) = sp
240 |         l = parse_expression(left)
241 |         r = parse_expression(right)
242 |         if op == '+':
243 |             ret = l + r
244 |         else:
245 |             ret = l - r
246 |         return ret
247 |     sp = split_expr_binary(s, ["*", "/"])
248 |     if sp:
249 |         (left, op, right) = sp
250 |         l = parse_expression(left)
251 |         r = parse_expression(right)
252 |         if op == '*':
253 |             ret = new_multiplication(l, r)
254 |             assert(ret.get_real() == (l.get_real() * r.get_real()) % MODULUS)
255 |             return ret
256 |         else:
257 |             ret = new_division(l, r)
258 |             assert(l.get_real() == (ret.get_real() * r.get_real()) % MODULUS)
259 |             return new_division(l, r)
260 |     if len(s) > 5 and s[:5] == 'bool(':
261 |         ret = parse_expression(s[4:])
262 |         m = new_multiplication(ret, ret - new_const(1))
263 |         eqs.append(m)
264 |         return ret
265 |     if s[0] == '-':
266 |         return parse_expression(s[1:]) * (MODULUS - 1)
267 |     if VAR_RE.fullmatch(s):
268 |         if s in varset:
269 |             return varset[s]
270 |         raise Exception("Variable '%s' not defined" % s)
271 |     sp = SECRET_RE.fullmatch(s)
272 |     if sp:
273 |         return new_temp(int(sp.group(1)))
274 |     if NUM_RE.fullmatch(s):
275 |         return new_const(int(s))
276 |     raise Exception("Cannot parse '%s'" % s)
277 | 
278 | def parse_expressions(s):
279 |     sp = split_expr_binary(s, [","])
280 |     if sp:
281 |         (left, op, right) = sp
282 |         return parse_expressions(left) + [parse_expression(right)]
283 |     return [parse_expression(s)]
284 | 
285 | def parse_statement(s):
286 |     global varset
287 |     global eqs
288 |     s = s.strip()
289 |     if len(s) > 6 and s[0:6] == "debug ":
290 |         expr = parse_expression(s[6:])
291 |         print("DEBUG %s: %s [0x%x]\n" % (s[6:], expr, expr.get_real()))
292 |         return
293 |     sp = split_expr_binary(s, [":=", "=:", "==", "="])
294 |     if sp:
295 |         (left, op, right) = sp
296 |         if op == ':=':
297 |             bits = [x.strip() for x in left.split(",")]
298 |             for bit in bits:
299 |                 if not VAR_RE.fullmatch(bit):
300 |                     raise Exception("Bit '%s' is not a valid name in %s" % (bit, op))
301 |             val = parse_expression(right)
302 |             assert(len(bits) <= 256) # don't support less-than constraint
303 |             assert(val.get_real() >> len(bits) == 0)
304 |             if val.is_const():
305 |                 bitvars = [new_const((val.get_real() >> i) & 1) for i in range(len(bits))]
306 |             else:
307 |                 bitvars = [new_temp((val.get_real() >> i) & 1) for i in range(len(bits))]
308 |                 for i, bitvar in enumerate(bitvars):
309 |                     eqs.append(new_multiplication(bitvar, bitvar - new_const(1)))
310 |                     val = val - bitvar * (1 << i)
311 |                 eqs.append(val)
312 |             for i in range(len(bits)):
313 |                 varset[bits[i]] = bitvars[i]
314 |         elif op == '=:':
315 |             bits = parse_expressions(right)
316 |             if not VAR_RE.fullmatch(left):
317 |                 raise Exception("Int '%s' is not a valid name in %s" % (left, op))
318 |             assert(len(bits) <= 256)
319 |             real = 0
320 |             for i, bit in enumerate(bits):
321 |                 assert(bit.get_real() == 0 or bit.get_real() == 1)
322 |                 real = real + bit.get_real() * (1 << i)
323 |             if all(bit.is_const() for bit in bits):
324 |                 val = new_const(real)
325 |                 varset[left] = val
326 |             else:
327 |                 val = new_temp(real)
328 |                 varset[left] = val
329 |                 for i, bit in enumerate(bits):
330 |                     val = val - bit * (1 << i)
331 |                 eqs.append(val)
332 |         elif op == '=':
333 |             if VAR_RE.fullmatch(left):
334 |                 expr = parse_expression(right)
335 |                 varset[left] = expr
336 |             else:
337 |                 raise Exception("Assigning to non-variable '%s'" % left)
338 |         elif op == '==':
339 |             l = parse_expression(left)
340 |             r = parse_expression(right)
341 |             if l.get_real() != r.get_real():
342 |                 print("WARNING: in '%s', left is %i, right is %i" % (s, l.get_real(), r.get_real()))
343 |             eqs.append(l - r)
344 |     else:
345 |         raise Exception("Cannot execute '%s'" % s)
346 | 
347 | def pivot_variable(eqs, vnam, eliminate=False):
348 |     c = 0
349 |     cc = 0
350 |     low = None
351 |     leq = None
352 |     for idx, eq in enumerate(eqs):
353 |         if vnam in eq.var:
354 |             cc += 1
355 |             if low is None or c > len(eq.var):
356 |                 low = idx
357 |                 c = len(eq.var)
358 |                 leq = eq * modinv(eq.var[vnam])
359 |     if cc > 1:
360 |         for idx, eq in enumerate(eqs):
361 |             if idx != low and vnam in eq.var:
362 |                 eqs[idx] = eq - leq * eq.var[vnam]
363 |     if eliminate and cc > 0:
364 |         del eqs[low]
365 | 
366 | 
367 | def encode_andytoshi_format():
368 |     global eqs
369 |     global mul_count
370 |     ret = "%i,0,%i;" % (1<<(mul_count-1).bit_length(), len(eqs))
371 |     for eq in eqs:
372 |         assert(eq.get_real() == 0)
373 |         for pos, (name, val) in enumerate(eq.var.items()):
374 |             ret += " "
375 |             negative = False
376 |             if val * 2 > MODULUS:
377 |                 negative = True
378 |                 val = MODULUS - val
379 |             if pos == 0 and negative:
380 |                 ret += "-"
381 |             elif pos > 0 and negative:
382 |                 ret += "- "
383 |             elif pos > 0:
384 |                 ret += "+ "
385 |             if val > 1:
386 |                 ret += "%i*" % val
387 |             ret += name
388 |         ret += " = "
389 |         val = (MODULUS - eq.const) % MODULUS
390 |         if val * 2 > MODULUS:
391 |             ret += "-"
392 |             val = MODULUS - val
393 |         ret += "%i;" % val
394 |     return ret
395 | 
396 | def encode_scalar_const(v):
397 |     if (v < 100):
398 |         return ("SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, %i)" % v)
399 |     vals = [(v >> (32 * (7 - i))) & 0xFFFFFFFF for i in range(8)]
400 |     return ("SECP256K1_SCALAR_CONST(0x%08x, 0x%08x, 0x%08x, 0x%08x, 0x%08x, 0x%08x, 0x%08x, 0x%08x)" % (vals[0], vals[1], vals[2], vals[3], vals[4], vals[5], vals[6], vals[7]))
401 | 
402 | start = time.clock()
403 | print("[%f] Parsing..." % 0)
404 | for line in sys.stdin:
405 |     parse_statement(line)
406 | 
407 | print("[%f] %i multiplications, %i temporaries, %i constraints, %i cost" % (time.clock() - start, mul_count, temp_count, len(eqs), sum(eq.cost for eq in eqs)))
408 | 
409 | print("[%f] Eliminating..." % (time.clock() - start))
410 | tock = time.clock()
411 | for tnum in range(0, temp_count):
412 |     pivot_variable(eqs, "T%i" % tnum, True)
413 |     now = time.clock()
414 |     if (now - tock > 10):
415 |         tock = now
416 |         print("[%f] Eliminated %i/%i" % (now - start, tnum, temp_count))
417 | 
418 | eqs_cost = sum(eq.cost for eq in eqs)
419 | print("[%f] %i multiplications, %i constraints, %i cost" % (time.clock() - start, mul_count, len(eqs), eqs_cost))
420 | print("[%f] Reducing..." % (time.clock() - start))
421 | tock = time.clock()
422 | for i in range(mul_count // 10):
423 |     neweqs = eqs.copy()
424 |     now = time.clock()
425 |     if (now - tock > 20):
426 |         tock = now
427 |         print("[%f] Reduced to %i cost (step %i/%i)" % (now - start, eqs_cost, i, mul_count // 10))
428 |     for j in range(4):
429 |         vnam = random.choice(["L%i","R%i","O%i"]) % random.randrange(mul_count)
430 |         pivot_variable(neweqs, vnam)
431 |         neweqs_cost = sum(eq.cost for eq in neweqs)
432 |         if neweqs_cost < eqs_cost:
433 |             eqs = neweqs
434 |             eqs_cost = neweqs_cost
435 |             break
436 | 
437 | print("[%f] %i multiplications, %i constraints, %i cost" % (time.clock() - start, mul_count, len(eqs), eqs_cost))
438 | 
439 | print("[%f] Maximizing 1s..." % (time.clock() - start))
440 | neweqs = eqs
441 | for idx, eq in enumerate(eqs):
442 |     counts = dict()
443 |     negations = dict()
444 |     max_count = 0
445 |     max_val = None
446 |     for name, val in eq.var.items():
447 |         negated = False
448 |         if val & 1 == 0:
449 |             val = MODULUS - val
450 |             negated = True
451 |         if val not in counts:
452 |             counts[val] = 1
453 |             negations[val] = 0
454 |         else:
455 |             counts[val] += 1
456 |         negations[val] += negated
457 |         if counts[val] > max_count:
458 |             max_count = counts[val]
459 |             max_val = val
460 |     if negations[max_val] * 2 > counts[max_val]:
461 |         neweqs[idx] = eq * (MODULUS - modinv(max_val))
462 |     else:
463 |         neweqs[idx] = eq * modinv(max_val)
464 | eqs = neweqs
465 | 
466 | 
467 | 
468 | print("[%f] Done" % (time.clock() - start))
469 | print()
470 | print(encode_andytoshi_format())
471 | 
472 | print()
473 | print("Secret inputs:")
474 | print("L = {%s}" % (", ".join(encode_scalar_const(mul_data[i][0]) for i in range(mul_count))))
475 | print("R = {%s}" % (", ".join(encode_scalar_const(mul_data[i][1]) for i in range(mul_count))))
476 | print("O = {%s}" % (", ".join(encode_scalar_const(mul_data[i][2]) for i in range(mul_count))))
477 | 


--------------------------------------------------------------------------------
/jubjub-12.circuit:
--------------------------------------------------------------------------------
 1 | [0.000000] Parsing...
 2 | [0.016369] 32 multiplications, 12 temporaries, 77 constraints, 703 cost
 3 | [0.016385] Eliminating...
 4 | [0.017735] 32 multiplications, 65 constraints, 667 cost
 5 | [0.017739] Reducing...
 6 | [0.054280] 32 multiplications, 65 constraints, 454 cost
 7 | [0.054284] Maximizing 1s...
 8 | [0.055573] Done
 9 | 
10 | 32,0,65; -R0 + L0 = 1; O0 = 0; -R1 + L1 = 1; O1 = 0; -R2 + L2 = 1; O2 = 0; -R3 + L3 = 1; O3 = 0; -R4 + L4 = 1; O4 = 0; -R5 + L5 = 1; O5 = 0; -R6 + L6 = 1; O6 = 0; -R7 + L7 = 1; O7 = 0; -R8 + L8 = 1; O8 = 0; -R9 + L9 = 1; O9 = 0; -R10 + L10 = 1; O10 = 0; -R11 + L11 = 1; O11 = 0; -L12 + L0 = 0; -R12 + L1 = 0; O12 + 43761614841181848836640060563436836929981077120207297347288494535014373124598*L13 + 32269103446714936439983769262136990710725469005847626272964912432556195438855*L0 + 53470148824566042419568143658779164645897136432324031591105781651996231383599*L1 = -29906057699896301565330867720293440045651680527210179749355355245466869592774; R13 - 2*L2 = -1; -L14 + L3 = 0; -R14 + R4 = -1; O14 + 21014290721093653874050402869616240144839777829078930642127268241692916015010*L15 + 30291292020152637070930450826530356553284841560358009904384208293049320970610*L3 + 37447708648605002961390823892644286535292237354956047616343665579501453451337*R4 = -3848610537754422538273360020032990535503289049720734589510561908623250812515; R15 - 2*L5 = -1; -L16 + L6 = 0; -R16 + R7 = -1; O16 + 39422441130629874788198111655788462774110351529600124115545993295029051645684*L17 + 42917028799385590299700293733507678944889494535724212207609436744993250694556*L6 - 45564479698566953479243735330776442972323193012352683437382744426522131912328*R7 = -11972824301088414874137643717069794218349474745778237473790506308418625237223; R17 - 2*L8 = -1; -L18 + L10 = 0; -R18 + R9 = -1; O18 - 38446424868433796858851842953384746620424815807520879497914956603617301801014*L19 + 42482794273324292680092874678191174984383984641774082606360053433037358121899*L10 - 55773950624693951415836632983097258152703163972044214177119964811812625388646*R9 = -12133938717891365535698408705473406314721022081792724454444049870243895571953; R19 - 2*L11 = -1; O13 - O20 = -31911563695868227935822097151440408058788453417761597729766562570436016680733; R20 - 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 + 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 + 3363265264840957283186157428945612617240329097799939360463518825408167634185*L13 = -139945449936590736539304042641240801461007015429285852688272643000005782778; L20 - L21 = 0; L20 - R21 = 0; L20 - L22 = 0; O21 + R22 - 51516127673109386393816398459009443243459283883942664948368606277819222758886*L0 + 22582466753822382779073389479770109573390773792387186616066489900684041180370*L1 + 6726530529681914566372314857891225234480658195599878720927037650816335268370*L13 = -54679054894134554212423894024404838177902839973900651985203627030479809533163; O15 - O22 + O13 - O23 = 0; -R23 - 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 + 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 + 5035688805764254729615047036903177527727379034866312505324239583314225212885*L3 - 30759539956556623185178837535720172364584628569249377782678985276037466457*R4 + R22 + 3363265264840957283186157428945612617240329097799939360463518825408167634185*L13 + 7224137796052607702389482387318843227054137898881038815935328843778405489389*L15 = -4977866517061906439537911425741830389252065029338364764837935508798339928699; L23 - L24 = 0; -R24 + L24 = 0; -L25 + L24 = 0; O24 + R25 - 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 + 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 - 10071377611528509459230094073806355055454758069732625010648479166628450425770*L3 + 61519079913113246370357675071440344729169257138498755565357970552074932914*R4 + R22 + 3363265264840957283186157428945612617240329097799939360463518825408167634185*L13 - 14448275592105215404778964774637686454108275797762077631870657687556810978778*L15 = -44863267309947332069887375215562418200859716930653208308216028655883135458543; O17 - O25 + O15 - O26 = 0; -R26 - 5035688805764254729615047036903177527727379034866312505324239583314225212885*L3 - 48100700632766923807071316821728657452197743739847439331005134993802407792790*L6 + 30759539956556623185178837535720172364584628569249377782678985276037466457*R4 + 5905242161836463391747922240547459274457254646794898858995512087108916744203*R7 + R25 - 26871699770441286097881684628364429239157611038343957508712639047562330526539*O16 - 7224137796052607702389482387318843227054137898881038815935328843778405489389*L15 = 7660740013469959185869550367887940792294310167209929539311352110484593537500; L26 - L27 = 0; L26 - R27 = 0; L26 - L28 = 0; O27 + R28 - 5035688805764254729615047036903177527727379034866312505324239583314225212885*L3 - 19590687971782347809428351365230592948442076799380025720594893153913345908757*L6 + 30759539956556623185178837535720172364584628569249377782678985276037466457*R4 - 11810484323672926783495844481094918548914509293589797717991024174217833488406*R7 + R25 + 53743399540882572195763369256728858478315222076687915017425278095124661053078*O16 - 7224137796052607702389482387318843227054137898881038815935328843778405489389*L15 = -55206880819825344002088564525596469396196272235734702622000797368053982604844; O19 - O28 - O29 + O17 = 0; -R29 + 48100700632766923807071316821728657452197743739847439331005134993802407792790*L6 + 35361509647247546400757678737051292023162572769713343992318410794327733283060*L10 + 21083723490013023409268859711249867232140935066618250965981738757181533546676*R9 - 5905242161836463391747922240547459274457254646794898858995512087108916744203*R7 + R28 - 49695694995130873991915508336242308319685159231177454393336848369454461072642*L19 + 26871699770441286097881684628364429239157611038343957508712639047562330526539*O16 = -20578486244327227042078019776949469538281373407729743254744713493386778598332; L29 - L30 = 0; L29 - R30 = 0; L29 - L31 = 0; R31 - 35361509647247546400757678737051292023162572769713343992318410794327733283060*L10 - 21083723490013023409268859711249867232140935066618250965981738757181533546676*R9 + 49695694995130873991915508336242308319685159231177454393336848369454461072642*L19 = -46133632168617663901182590840832304151482844268790673706274545791693673747502; O30 + 48100700632766923807071316821728657452197743739847439331005134993802407792790*L6 - 35361509647247546400757678737051292023162572769713343992318410794327733283060*L10 - 21083723490013023409268859711249867232140935066618250965981738757181533546676*R9 - 5905242161836463391747922240547459274457254646794898858995512087108916744203*R7 + R28 + 49695694995130873991915508336242308319685159231177454393336848369454461072642*L19 + 26871699770441286097881684628364429239157611038343957508712639047562330526539*O16 = 24422983823976814797380515501246833039555008681305528054451823299928654801822;
11 | 
12 | Secret inputs:
13 | L = {SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x8622f5f9, 0x83a711d6, 0x35530e80, 0x298ac2f1, 0x287824b2, 0xf76f6474, 0x7f4919d6, 0x2e300537), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x96354875, 0x4f6885e1, 0x0842bb28, 0x84bf9b55, 0xef4c3e4f, 0xcf53be58, 0x83c5c830, 0x1623fcbc), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0xd736927f, 0xa5d8ce90, 0x2e0fefb8, 0xf6364c69, 0x695fb4ca, 0xe6f89ab7, 0xa6f2e78a, 0x9cdfa6d7), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xc64270a6, 0x0d080926, 0x26f781af, 0x480c9a2e, 0x66b6b4b0, 0x4e5e785a, 0x1e63d39b, 0x9e3c266a), SECP256K1_SCALAR_CONST(0x93fc98d3, 0x5f93de4b, 0xca4a7603, 0xc7660291, 0x879e616c, 0xf8c70b6d, 0x0c211d5a, 0x69132b49), SECP256K1_SCALAR_CONST(0x93fc98d3, 0x5f93de4b, 0xca4a7603, 0xc7660291, 0x879e616c, 0xf8c70b6d, 0x0c211d5a, 0x69132b49), SECP256K1_SCALAR_CONST(0x93fc98d3, 0x5f93de4b, 0xca4a7603, 0xc7660291, 0x879e616c, 0xf8c70b6d, 0x0c211d5a, 0x69132b49), SECP256K1_SCALAR_CONST(0x0fd204d1, 0x5fe68917, 0x082a6496, 0xe7b5250c, 0x2ee7abc6, 0x8e147bb3, 0xf6d437ae, 0x66180e4f), SECP256K1_SCALAR_CONST(0x0fd204d1, 0x5fe68917, 0x082a6496, 0xe7b5250c, 0x2ee7abc6, 0x8e147bb3, 0xf6d437ae, 0x66180e4f), SECP256K1_SCALAR_CONST(0x0fd204d1, 0x5fe68917, 0x082a6496, 0xe7b5250c, 0x2ee7abc6, 0x8e147bb3, 0xf6d437ae, 0x66180e4f), SECP256K1_SCALAR_CONST(0x373b7113, 0x67ae9d78, 0xc9520dbe, 0x47d33296, 0x4c5a17e4, 0x3d236b8a, 0xcf801d6a, 0x36e3c66d), SECP256K1_SCALAR_CONST(0x373b7113, 0x67ae9d78, 0xc9520dbe, 0x47d33296, 0x4c5a17e4, 0x3d236b8a, 0xcf801d6a, 0x36e3c66d), SECP256K1_SCALAR_CONST(0x373b7113, 0x67ae9d78, 0xc9520dbe, 0x47d33296, 0x4c5a17e4, 0x3d236b8a, 0xcf801d6a, 0x36e3c66d), SECP256K1_SCALAR_CONST(0xd0a2df73, 0x408ba620, 0x7b78a29f, 0x004c3850, 0xc4e37755, 0x33d5b61c, 0x13ec783b, 0xf3889675), SECP256K1_SCALAR_CONST(0xd0a2df73, 0x408ba620, 0x7b78a29f, 0x004c3850, 0xc4e37755, 0x33d5b61c, 0x13ec783b, 0xf3889675), SECP256K1_SCALAR_CONST(0xd0a2df73, 0x408ba620, 0x7b78a29f, 0x004c3850, 0xc4e37755, 0x33d5b61c, 0x13ec783b, 0xf3889675)}
14 | R = {SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0x72f3349a, 0xb4bcd94a, 0xd1bd154c, 0xd78ba164, 0x3b7d2b6d, 0xa05d3c84, 0x573febb0, 0xf4188e89), SECP256K1_SCALAR_CONST(0x93fc98d3, 0x5f93de4b, 0xca4a7603, 0xc7660291, 0x879e616c, 0xf8c70b6d, 0x0c211d5a, 0x69132b49), SECP256K1_SCALAR_CONST(0x4cb72116, 0x8fbe5983, 0x11661fec, 0x89e2b583, 0x319e416f, 0x694828c4, 0x955490e1, 0xd8661e38), SECP256K1_SCALAR_CONST(0x7a3245e2, 0x15d5d1c6, 0x5a9f54c5, 0x8f904248, 0x058e3fb3, 0x36ba8696, 0x98321d38, 0xa7063251), SECP256K1_SCALAR_CONST(0x0fd204d1, 0x5fe68917, 0x082a6496, 0xe7b5250c, 0x2ee7abc6, 0x8e147bb3, 0xf6d437ae, 0x66180e4f), SECP256K1_SCALAR_CONST(0xe0e956f8, 0x00de3b1a, 0x6a1b4c47, 0xfcb53963, 0xe34a3046, 0x42cc7c4c, 0x4f6eb652, 0x198624a1), SECP256K1_SCALAR_CONST(0x947c74ec, 0xb81db5c5, 0xeac5e556, 0x3bbe44c2, 0xabb02edc, 0x44d2b90e, 0x4aac678f, 0xbd4b1304), SECP256K1_SCALAR_CONST(0x373b7113, 0x67ae9d78, 0xc9520dbe, 0x47d33296, 0x4c5a17e4, 0x3d236b8a, 0xcf801d6a, 0x36e3c66d), SECP256K1_SCALAR_CONST(0x350500ac, 0x7639ec6e, 0x3a5fb1c9, 0x99e801b4, 0x271aef68, 0x94e7a818, 0x601f91e9, 0x030b6fbc), SECP256K1_SCALAR_CONST(0x99cefa52, 0x5b87a63f, 0x24684558, 0xce3c2cb5, 0xcd6f6f14, 0x6e3c9bb1, 0x5e48beaa, 0x6b348f85), SECP256K1_SCALAR_CONST(0xd0a2df73, 0x408ba620, 0x7b78a29f, 0x004c3850, 0xc4e37755, 0x33d5b61c, 0x13ec783b, 0xf3889675), SECP256K1_SCALAR_CONST(0x2b8b611f, 0x652496e1, 0x55a0e297, 0x35a28a45, 0x53e8bfa4, 0xfc188206, 0xc211f301, 0xc9440d3f)}
15 | O = {SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x8622f5f9, 0x83a711d6, 0x35530e80, 0x298ac2f1, 0x287824b2, 0xf76f6474, 0x7f4919d6, 0x2e300537), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x69cab78a, 0xb0977a1e, 0xf7bd44d7, 0x7b4064a8, 0xcb629e96, 0xdff4e1e3, 0x3c0c965c, 0xba124485), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0x28c96d80, 0x5a27316f, 0xd1f01047, 0x09c9b395, 0x514f281b, 0xc8500584, 0x18df7702, 0x33569a6a), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x39bd8f59, 0xf2f7f6d9, 0xd9087e50, 0xb7f365d0, 0x53f82836, 0x60ea27e1, 0xa16e8af1, 0x31fa1ad7), SECP256K1_SCALAR_CONST(0xccb0440c, 0xe6e5f81a, 0x5c8d35d5, 0x6e0d28de, 0x5ffbb79a, 0xad0cc5f6, 0x8bb99b6b, 0x15f13454), SECP256K1_SCALAR_CONST(0x20ea722e, 0x0d8697e3, 0x8a085009, 0x7fb9e7fa, 0x7e1f2972, 0x2557f393, 0x42793db4, 0xb6aa03e3), SECP256K1_SCALAR_CONST(0x07e53dfe, 0x7cd19b42, 0xd9c59a7e, 0x07ddbc55, 0xce2562da, 0x7b7227bc, 0xc98d3cd3, 0x58bd4ca7), SECP256K1_SCALAR_CONST(0xe8086f85, 0xb76cf0b2, 0x534ab8d9, 0x9ced6b44, 0x25b5606f, 0x5bf21e9a, 0xf1c8735f, 0x8f84fd15), SECP256K1_SCALAR_CONST(0x0dea9967, 0xcd94269a, 0x841c82c0, 0x65eb6984, 0x7e322121, 0x1dcd6f6f, 0x50058bc1, 0x2e7c95fd), SECP256K1_SCALAR_CONST(0x9855619d, 0x629e3d17, 0x9187312a, 0xfaf129ab, 0x1edf6b1a, 0xb70ffd22, 0x37d4205a, 0x22f8823a), SECP256K1_SCALAR_CONST(0xfa3ec36d, 0xa8206e77, 0x382623f3, 0x8a18ee91, 0xb881387e, 0xa07d8a80, 0xdcea4b91, 0x9aa69df6), SECP256K1_SCALAR_CONST(0xba3e1a86, 0xdbaf0149, 0xa5b157d8, 0xd9a5c0d4, 0xa8204b7e, 0x72f567ad, 0x3e65d818, 0xea377699), SECP256K1_SCALAR_CONST(0x26e58616, 0xc0615e55, 0x06ccc846, 0x7ea9a284, 0x1067572f, 0xc1dd9d14, 0x4d038584, 0x24becef6), SECP256K1_SCALAR_CONST(0x3ba176c3, 0x8cbdc9f4, 0xa42bc651, 0x431376e1, 0x94dff922, 0x675c9051, 0x6d4a7c6f, 0x4091e64b), SECP256K1_SCALAR_CONST(0xecc3219f, 0xf94393d0, 0x0ee781b6, 0x4869d156, 0x91e1dd26, 0xbf10e5ab, 0x0380479c, 0xde5a7aaf), SECP256K1_SCALAR_CONST(0xe9aee4e2, 0xd3ce70c0, 0xce9eea18, 0x1e03446a, 0x70093814, 0x8d61bb99, 0x7d21c684, 0x3af3f4ce)}
16 | 


--------------------------------------------------------------------------------
/jubjub-12.program:
--------------------------------------------------------------------------------
 1 | b0 = bool(#0)
 2 | b1 = bool(#0)
 3 | b2 = bool(#1)
 4 | b3 = bool(#0)
 5 | b4 = bool(#0)
 6 | b5 = bool(#0)
 7 | b6 = bool(#1)
 8 | b7 = bool(#1)
 9 | b8 = bool(#0)
10 | b9 = bool(#0)
11 | b10 = bool(#0)
12 | b11 = bool(#0)
13 | inner = b0 * b1
14 | x0 = 33860316972155444993786373798026421371939187633298958089058826269505131570572 + 4226393914626074620948936004615547265604490912620318630245965505957185135143 * b0 + 37441526755211924331825564564236519453867190604113937282895033561968998282370 * b1 + 3446994320820307097032031501091944760790429817635120053161522474524483867619 * inner
15 | y0 = (2*b2 - 1) * (60671692165106483604271687017658706228693866043851659747576035057462336816439 + 106623529194841966177978043613161462997819727543347939845701802773096694465177 * b0 + 47938224980456232503229816213054428273092270511117363623465803065343455516367 * b1 + 26554478576463918077403240924474355766273225414729945824912137490949982314478 * inner)
16 | inner = b3 * b4
17 | x1 = 54431971297229333624718753949579168895356996521621374249159580775338578475429 + 109922599987230381266865652034812824606163384270625196619141286808347466603483 * b3 + 20881437303513882536145000241140988275700410965039187707257793757735868573130 * b4 + 45711614629433279542775433538377308708179109987126099483045222567080372222169 * inner
18 | y1 = (2*b5 - 1) * (67941070270336610898300787086032880265370242167256588327808127727855653354684 + 7914610996944504619334512747300914331923604833539601302037069388032620265253 * b3 + 37484988275126684089135411772496467274419121649974161751318074268189768049590 * b4 + 58423187167962183997790956993675791196533256124157404338019371616198352161516 * inner)
19 | inner = b6 * b7
20 | x2 = 88930973464381297635837024470312311848883448831298461469838934561563052702686 + 67691388604549271616499668186959250400639820539227465051600028147715753701547 * b6 + 5905242161836463391747922240547459274457254646794898858995512087108916744203 * b7 + 88920389466874909325689300380323478613679953240730946873892524093955830967798 * inner
21 | y2 = (2*b8 - 1) * (54280578284730686408505881826997798704097184887771637185376274859358469690413 + 102486172936731504811956156089256114251973053935237746031773679589242932125299 * b6 + 89297066128574112542649957033071053162857631507004030297537684798336399067439 * b7 + 82864044407841968794212878273644603654837796015523818432366123748474118696330 * inner)
22 | inner = b9 * b10
23 | x3 = 65451959348736685490191104056762622567632773177268838749346319292580156737489 + 113376016858564156775591284924797246334836388724033691868505272651511287807418 * b9 + 91789743906880627141660491631704736858998154305203490500851220037915508425096 * b10 + 54168485752751298105165992994527168261297184511677113147426879056474828063084 * inner
24 | y3 = (2*b11 - 1) * (89675333398076471056554693784413522735391158043442244021562090712870883698282 + 12766819575197444644518949406591763589856820725718005604518479450789243520350 * b9 + 45853769813178221631807171325707236455821270565640117700637507476073749817738 * b10 + 84385214790007112537133629204957247489423816501707208011870621267303842560307 * inner)
25 | x = 97659034572562404510455889695647122327843955631394210955996135893358228838468
26 | y = 83880525541447967487748887857247499794049110861313306652838600571082144813604
27 | xd = x0 - x
28 | yd = y0 - y
29 | lambda = yd / xd
30 | x = lambda*lambda - 2*x0 + xd
31 | y = lambda*(x0 - x) - y0
32 | xd = x1 - x
33 | yd = y1 - y
34 | lambda = yd / xd
35 | x = lambda*lambda - 2*x1 + xd
36 | y = lambda*(x1 - x) - y1
37 | xd = x2 - x
38 | yd = y2 - y
39 | lambda = yd / xd
40 | x = lambda*lambda - 2*x2 + xd
41 | y = lambda*(x2 - x) - y2
42 | xd = x3 - x
43 | yd = y3 - y
44 | lambda = yd / xd
45 | x = lambda*lambda - 2*x3 + xd
46 | y = lambda*(x3 - x) - y3
47 | x == 45756244801846456547274572319953636960267356875538872907248542792234260298386
48 | 


--------------------------------------------------------------------------------
/jubjub-192.program:
--------------------------------------------------------------------------------
  1 | b0 = bool(#0)
  2 | b1 = bool(#0)
  3 | b2 = bool(#1)
  4 | b3 = bool(#0)
  5 | b4 = bool(#0)
  6 | b5 = bool(#0)
  7 | b6 = bool(#1)
  8 | b7 = bool(#1)
  9 | b8 = bool(#0)
 10 | b9 = bool(#0)
 11 | b10 = bool(#0)
 12 | b11 = bool(#0)
 13 | b12 = bool(#1)
 14 | b13 = bool(#0)
 15 | b14 = bool(#1)
 16 | b15 = bool(#0)
 17 | b16 = bool(#0)
 18 | b17 = bool(#0)
 19 | b18 = bool(#0)
 20 | b19 = bool(#1)
 21 | b20 = bool(#0)
 22 | b21 = bool(#1)
 23 | b22 = bool(#0)
 24 | b23 = bool(#0)
 25 | b24 = bool(#0)
 26 | b25 = bool(#0)
 27 | b26 = bool(#1)
 28 | b27 = bool(#1)
 29 | b28 = bool(#0)
 30 | b29 = bool(#1)
 31 | b30 = bool(#0)
 32 | b31 = bool(#1)
 33 | b32 = bool(#1)
 34 | b33 = bool(#0)
 35 | b34 = bool(#1)
 36 | b35 = bool(#1)
 37 | b36 = bool(#0)
 38 | b37 = bool(#1)
 39 | b38 = bool(#0)
 40 | b39 = bool(#1)
 41 | b40 = bool(#0)
 42 | b41 = bool(#1)
 43 | b42 = bool(#0)
 44 | b43 = bool(#0)
 45 | b44 = bool(#0)
 46 | b45 = bool(#0)
 47 | b46 = bool(#0)
 48 | b47 = bool(#1)
 49 | b48 = bool(#1)
 50 | b49 = bool(#0)
 51 | b50 = bool(#1)
 52 | b51 = bool(#0)
 53 | b52 = bool(#0)
 54 | b53 = bool(#0)
 55 | b54 = bool(#1)
 56 | b55 = bool(#0)
 57 | b56 = bool(#1)
 58 | b57 = bool(#1)
 59 | b58 = bool(#0)
 60 | b59 = bool(#1)
 61 | b60 = bool(#1)
 62 | b61 = bool(#1)
 63 | b62 = bool(#1)
 64 | b63 = bool(#1)
 65 | b64 = bool(#0)
 66 | b65 = bool(#1)
 67 | b66 = bool(#1)
 68 | b67 = bool(#1)
 69 | b68 = bool(#0)
 70 | b69 = bool(#1)
 71 | b70 = bool(#1)
 72 | b71 = bool(#0)
 73 | b72 = bool(#0)
 74 | b73 = bool(#0)
 75 | b74 = bool(#0)
 76 | b75 = bool(#0)
 77 | b76 = bool(#0)
 78 | b77 = bool(#1)
 79 | b78 = bool(#1)
 80 | b79 = bool(#1)
 81 | b80 = bool(#1)
 82 | b81 = bool(#0)
 83 | b82 = bool(#1)
 84 | b83 = bool(#0)
 85 | b84 = bool(#1)
 86 | b85 = bool(#1)
 87 | b86 = bool(#0)
 88 | b87 = bool(#0)
 89 | b88 = bool(#1)
 90 | b89 = bool(#0)
 91 | b90 = bool(#0)
 92 | b91 = bool(#1)
 93 | b92 = bool(#1)
 94 | b93 = bool(#0)
 95 | b94 = bool(#0)
 96 | b95 = bool(#0)
 97 | b96 = bool(#0)
 98 | b97 = bool(#1)
 99 | b98 = bool(#0)
100 | b99 = bool(#0)
101 | b100 = bool(#0)
102 | b101 = bool(#1)
103 | b102 = bool(#0)
104 | b103 = bool(#0)
105 | b104 = bool(#0)
106 | b105 = bool(#1)
107 | b106 = bool(#0)
108 | b107 = bool(#0)
109 | b108 = bool(#0)
110 | b109 = bool(#0)
111 | b110 = bool(#0)
112 | b111 = bool(#1)
113 | b112 = bool(#0)
114 | b113 = bool(#1)
115 | b114 = bool(#1)
116 | b115 = bool(#0)
117 | b116 = bool(#0)
118 | b117 = bool(#0)
119 | b118 = bool(#0)
120 | b119 = bool(#1)
121 | b120 = bool(#1)
122 | b121 = bool(#0)
123 | b122 = bool(#1)
124 | b123 = bool(#1)
125 | b124 = bool(#0)
126 | b125 = bool(#1)
127 | b126 = bool(#1)
128 | b127 = bool(#0)
129 | b128 = bool(#1)
130 | b129 = bool(#1)
131 | b130 = bool(#1)
132 | b131 = bool(#0)
133 | b132 = bool(#1)
134 | b133 = bool(#1)
135 | b134 = bool(#1)
136 | b135 = bool(#1)
137 | b136 = bool(#0)
138 | b137 = bool(#1)
139 | b138 = bool(#1)
140 | b139 = bool(#0)
141 | b140 = bool(#0)
142 | b141 = bool(#0)
143 | b142 = bool(#1)
144 | b143 = bool(#1)
145 | b144 = bool(#1)
146 | b145 = bool(#1)
147 | b146 = bool(#0)
148 | b147 = bool(#1)
149 | b148 = bool(#1)
150 | b149 = bool(#1)
151 | b150 = bool(#1)
152 | b151 = bool(#1)
153 | b152 = bool(#0)
154 | b153 = bool(#0)
155 | b154 = bool(#1)
156 | b155 = bool(#0)
157 | b156 = bool(#1)
158 | b157 = bool(#1)
159 | b158 = bool(#1)
160 | b159 = bool(#0)
161 | b160 = bool(#1)
162 | b161 = bool(#0)
163 | b162 = bool(#0)
164 | b163 = bool(#0)
165 | b164 = bool(#0)
166 | b165 = bool(#1)
167 | b166 = bool(#1)
168 | b167 = bool(#1)
169 | b168 = bool(#0)
170 | b169 = bool(#1)
171 | b170 = bool(#1)
172 | b171 = bool(#1)
173 | b172 = bool(#1)
174 | b173 = bool(#0)
175 | b174 = bool(#0)
176 | b175 = bool(#0)
177 | b176 = bool(#0)
178 | b177 = bool(#0)
179 | b178 = bool(#1)
180 | b179 = bool(#1)
181 | b180 = bool(#0)
182 | b181 = bool(#0)
183 | b182 = bool(#0)
184 | b183 = bool(#1)
185 | b184 = bool(#1)
186 | b185 = bool(#1)
187 | b186 = bool(#1)
188 | b187 = bool(#1)
189 | b188 = bool(#0)
190 | b189 = bool(#0)
191 | b190 = bool(#1)
192 | b191 = bool(#1)
193 | inner = b0 * b1
194 | x0 = 33860316972155444993786373798026421371939187633298958089058826269505131570572 + 4226393914626074620948936004615547265604490912620318630245965505957185135143 * b0 + 37441526755211924331825564564236519453867190604113937282895033561968998282370 * b1 + 3446994320820307097032031501091944760790429817635120053161522474524483867619 * inner
195 | y0 = (2*b2 - 1) * (60671692165106483604271687017658706228693866043851659747576035057462336816439 + 106623529194841966177978043613161462997819727543347939845701802773096694465177 * b0 + 47938224980456232503229816213054428273092270511117363623465803065343455516367 * b1 + 26554478576463918077403240924474355766273225414729945824912137490949982314478 * inner)
196 | inner = b3 * b4
197 | x1 = 54431971297229333624718753949579168895356996521621374249159580775338578475429 + 109922599987230381266865652034812824606163384270625196619141286808347466603483 * b3 + 20881437303513882536145000241140988275700410965039187707257793757735868573130 * b4 + 45711614629433279542775433538377308708179109987126099483045222567080372222169 * inner
198 | y1 = (2*b5 - 1) * (67941070270336610898300787086032880265370242167256588327808127727855653354684 + 7914610996944504619334512747300914331923604833539601302037069388032620265253 * b3 + 37484988275126684089135411772496467274419121649974161751318074268189768049590 * b4 + 58423187167962183997790956993675791196533256124157404338019371616198352161516 * inner)
199 | inner = b6 * b7
200 | x2 = 88930973464381297635837024470312311848883448831298461469838934561563052702686 + 67691388604549271616499668186959250400639820539227465051600028147715753701547 * b6 + 5905242161836463391747922240547459274457254646794898858995512087108916744203 * b7 + 88920389466874909325689300380323478613679953240730946873892524093955830967798 * inner
201 | y2 = (2*b8 - 1) * (54280578284730686408505881826997798704097184887771637185376274859358469690413 + 102486172936731504811956156089256114251973053935237746031773679589242932125299 * b6 + 89297066128574112542649957033071053162857631507004030297537684798336399067439 * b7 + 82864044407841968794212878273644603654837796015523818432366123748474118696330 * inner)
202 | inner = b9 * b10
203 | x3 = 65451959348736685490191104056762622567632773177268838749346319292580156737489 + 113376016858564156775591284924797246334836388724033691868505272651511287807418 * b9 + 91789743906880627141660491631704736858998154305203490500851220037915508425096 * b10 + 54168485752751298105165992994527168261297184511677113147426879056474828063084 * inner
204 | y3 = (2*b11 - 1) * (89675333398076471056554693784413522735391158043442244021562090712870883698282 + 12766819575197444644518949406591763589856820725718005604518479450789243520350 * b9 + 45853769813178221631807171325707236455821270565640117700637507476073749817738 * b10 + 84385214790007112537133629204957247489423816501707208011870621267303842560307 * inner)
205 | inner = b12 * b13
206 | x4 = 30733270695114255474179995693062501537188166769480567855484934644121838593288 + 41843445197469758275278236767424117764769812625086743074447835033803871493503 * b12 + 89149585902572769939844662396752372957201761150094821282671225123656900054558 * b13 + 68619315336272089961141851595360751363933209021459590139410170018969237768298 * inner
207 | y4 = (2*b14 - 1) * (2587274125223747214103178801499820450070701236005753042324229146418902149537 + 10057237954277581473864447071551267669291243678180559456522624232325051464377 * b12 + 111391247346570272597172485607827547702057040779135727467721921162355020166772 * b13 + 84792018272686873254709316254289887879344353220504296072281842365669454971377 * inner)
208 | inner = b15 * b16
209 | x5 = 25035820445340070943139609257460962514656075216503992514165748811238727779550 + 84866909478457437003478165133952766385543931201854117081964079622847194637681 * b15 + 82084517932670254084599541015297043303678543413049426836440087444843205986432 * b16 + 87214924702127554641980519162985324137670060047871712664904850912007490684950 * inner
210 | y5 = (2*b17 - 1) * (59913200772692539626046113072997426545581484626437040475214012295445734311982 + 14749237545714527901123651786122034274431747030914276868918523732483871892130 * b15 + 7469154284945361648578855171824106486061429836004233430725604994591296439538 * b16 + 107545671356138370851118733914219649068894671080530359032315490135273326726902 * inner)
211 | inner = b18 * b19
212 | x6 = 13311138140066761459404618988626040366085773893124788047050152787289418403258 + 44056692330460254659769027106557590085985565711458555579304150014558343778970 * b18 + 44818794418362906799299302902020134699153500980593972804900985468916403721937 * b19 + 54863958965231320701533055257334624375524760420005772506856886950605160369345 * inner
213 | y6 = (2*b20 - 1) * (102117014955705575959623858932281439646073420708517313094811946356915167766551 + 49839634457122342749632915355629936580573494269272840496775499766920171379098 * b18 + 51262614581227667539812544779762266429108431151809065393222740293161056571161 * b19 + 15292636614739455419815562454666864586634474240816653131234507817436276356298 * inner)
214 | inner = b21 * b22
215 | x7 = 95010881276639922005914917651750538742619706898460615615344699756091544425391 + 48938559988070616763194425090842982321117211216135677038263504146717892136551 * b21 + 91953774548662954821980712463525191841705092346040884266432710770123517316093 * b22 + 103392487974062033655581207793799331738979472128370164258268473184509696672758 * inner
216 | y7 = (2*b23 - 1) * (38667759103943533362758497793305683610289650765581589733666387889467420116146 + 107399426453888734345351115946706731176380113066346117568394954868287551878507 * b21 + 95026242949941224026008230366294307174206991013015052925331841530379671874539 * b22 + 65322883399688449729152653410843576368062495377690264452749360499235990230062 * inner)
217 | inner = b24 * b25
218 | x8 = 8411416142822721941124080054953714175010302856925872381699610147508766198438 + 33737938285386243634057159008334462151541152781660858512423760914244828828930 * b24 + 43011982754871383371653957285347108629901670285299813934394139742860602871256 * b25 + 65191242767433721911902130174941496083931921870412024243581391622157456621389 * inner
219 | y8 = (2*b26 - 1) * (52785340782668036407952257395228683326821511643071960112600388386371878269618 + 25158261700112138362583558697124842464011987446326739200780665145350227063672 * b24 + 33899198907057060021604368607190293541868679280853196009301965951492936263578 * b25 + 66290967881677094799955955264529305391862880877571368051210151342724748701211 * inner)
220 | inner = b27 * b28
221 | x9 = 55913207020155169205606095253145756669846378044486988973130442139082553613849 + 59427082381908107465204551039911558130347666634056696808394633609920913507413 * b27 + 88845342534360932144647894837521513735889700395860905783449989066651766135576 * b28 + 70359403842756754124751145894901642151245966665536529096062500037757039795838 * inner
222 | y9 = (2*b29 - 1) * (57503160300075095536177081165534533147841994154076489764929321930563621992299 + 89931964273136837664676729970746680320677292784060056360799406664519895898963 * b27 + 73543171356793984368503954110168399439941768090486118534861776798564339037610 * b28 + 87107792781743023065195458989251453613041890452690416056036130704080081167454 * inner)
223 | inner = b30 * b31
224 | x10 = 29633542631682911438638685612481269260951414954874072472655265408703537959243 + 66264564174622352566327481863031237859073149175702807429574311173668677418851 * b30 + 19151982247460887158132612035890227817523561420740855625766243171151164617912 * b31 + 63868340269187844240902195914781360058504440168945552958646038402598070508622 * inner
225 | y10 = (2*b32 - 1) * (28248260569463965213018670642357818131036726674139397429399646102276894673683 + 12324909917870350454550514681824222090142389330038284196527316897483638789030 * b30 + 81271730891114673685892529344015522318474567383197360182706970414511761999313 * b31 + 71249542437391727902880653667678475603629202543107560150113703944109619532892 * inner)
226 | inner = b33 * b34
227 | x11 = 73248382074389596756452911501623294446744363676965329425600813424849873613199 + 5522135253159756131756209033957923843939868356671062846852634167179547313729 * b33 + 2109877780698555824459243841279414548255977313990317688298723037321727397807 * b34 + 106350687090620468458157503160639668196923160059958770710245290092609482971950 * inner
228 | y11 = (2*b35 - 1) * (41286419974058525743110399365447243533577555978187988037687857142764758803266 + 80656033737192439024583992623941311683074519158347719255910719419885958592613 * b33 + 37464196566178059117417652747584780963369196014272738371646756209726770418300 * b34 + 84919009971409185873030965409080944761509172748948903956607528412537826523770 * inner)
229 | inner = b36 * b37
230 | x12 = 73182048111244492279108107068311889881512371965869552997440613874741424981831 + 22839855117725518878945858082171032430723972081554950574511011667480142035005 * b36 + 25944898768907996218531920835219810338336233848977076917463700389911471697744 * b37 + 26862809867744141147009828134225496901691584377744947342099480443235790400157 * inner
231 | y12 = (2*b38 - 1) * (16777435456203204476947363279182218202961872177784856782798630205919199257489 + 58839346237032636507463735002191955228714795572434184243252616112522881266327 * b36 + 68923008469557330978870509047827647175110739094207743142293225507600648590029 * b37 + 102997539866921324710840442771237639851469896243757883102696230839656386703591 * inner)
232 | inner = b39 * b40
233 | x13 = 50588272554553998349004858197229717476591421199029779377624450686259922575241 + 65486930156978283074073591673493531895542332262229004173805862059369930483920 * b39 + 60209403506320401736614926335275960845703396008099196200952283371697255436890 * b40 + 77343639726190153146082619210509597523639526262875348892651906340990352302837 * inner
234 | y13 = (2*b41 - 1) * (90874025597000825453098621715884930544101648858864139944609546503670927633903 + 58281307168710408509356464339579482597911598264898551290165795608794541925556 * b39 + 99632891165444325965527631902139052767347664716955264168401635700977029290742 * b40 + 38194620733828167346301413021732938950089338282111241906816535447479029620921 * inner)
235 | inner = b42 * b43
236 | x14 = 57727844442944156664156605086562232407938222860528160658199003480860034630156 + 12213209531623351366670034594012575904625764567442449017253330369388523358001 * b42 + 22372524779805939232055558051753551613650658134878325454350291133451722018221 * b43 + 99977399144312533969768302355379497883517768531363017881078986365285743746208 * inner
237 | y14 = (2*b44 - 1) * (83947856516154291400692444563907935091584459986177373065759193478680318722596 + 96179987096613403306163541872872169032600523409197678016691509032685363420327 * b42 + 21833664423677635331464780738166894244039230859467230712160791905317370217472 * b43 + 99152339212633073233321523331267614844350910881159491333685082085140770023617 * inner)
238 | inner = b45 * b46
239 | x15 = 58815831005196528922101427851975230856703679571886734031851459550552259455674 + 85721002540876642867391688164378624626487107751052899821262526105511277776844 * b45 + 70148578850355851736688603374936359726118031005549938686381520730156977318763 * b46 + 84299373225570069503096249981453879549622902045293941546559381933874592702934 * inner
240 | y15 = (2*b47 - 1) * (76326173816207987674646286624417300708336205060235485783064932486035151927577 + 42848443996580329491058427979815000509292007564519776205362975751930533609186 * b45 + 28623840864945300745895485974997472339951713511216910247880782167519604724300 * b46 + 106888074020922405060093763553252383830503443189574767853206734646160215901642 * inner)
241 | inner = b48 * b49
242 | x16 = 12237021982639180841854684890298374008966580340747689713952570044991847201641 + 58043305046217383593331413611928253751129617547504361210361177789848915364652 * b48 + 26374960802373441771771279770251235664886404872120991172157992712545896575803 * b49 + 102358088170538213984227585978995006478188709215801250923486602691233403375118 * inner
243 | y16 = (2*b50 - 1) * (2256857940421981929210649079861841823217966744700471188926395299257357250852 + 60590907607870835857844644330741593952645483874180734126416305729409014341877 * b48 + 96647460040158613319072073729144628505688057858873083432079580609477533858357 * b49 + 20159541063360978381608719394307347085105022303799601390001197906398091505137 * inner)
244 | inner = b51 * b52
245 | x17 = 66603265117643350709296570731947774209342700787994872357410227400027041276372 + 11734794441511979394257058216277406685202675287523103451501638599511400258488 * b51 + 80604806827204173372008992065640421096347512791347546962182704613292979725920 * b52 + 95509980439731011908847741658681637766267488835946676779725275498175984507579 * inner
246 | y17 = (2*b53 - 1) * (16351909518624476650403010162298020643942598406508053924342517975913929130730 + 63061223164706743599503077153185874360835463169391480329271912318929686995266 * b51 + 99287353405141289725961315674399862722697029767546728154592848765437028002295 * b52 + 64043703131189447665807080599122748452382614130873538040441926082175035415121 * inner)
247 | inner = b54 * b55
248 | x18 = 56824028297556777804233574956978540383345692463569545624543886570511641635489 + 110952488617357988586919138028563003357124909743880192761573529894142178927065 * b54 + 82526692090208549496220640383095001640825923693851446076044714120207087354015 * b55 + 24821862528250540948067990491498391918951810589745700374403302372890349709392 * inner
249 | y18 = (2*b56 - 1) * (60853310437605936753758696520398202526983600089583446017614538463610607187633 + 97824483228999796420221715878901594641475058690773414166975644157410665178361 * b54 + 8329295830285690202052568423215975516388157296520298792467423041812595336244 * b55 + 65488259852644497318567812884779550134753273579059563246870624282074405828160 * inner)
250 | inner = b57 * b58
251 | x19 = 8359866502871307716728216154245762591522402442982190565112805583705608271137 + 41067310705704260716943012637223100319609286677182100884748248053300803274631 * b57 + 8601645090383692466645300245986674989745782280605019512197560951126220241031 * b58 + 6068400579527580628715000132889579594744637038425547238657401727873181510038 * inner
252 | y19 = (2*b59 - 1) * (110154338951222157866408858752386086927249523174570547955915144905392700032602 + 96896940625686845945196561948837695223855482072749104443520915941147655040723 * b57 + 1618148355907442374905603643987122956493390398107748743046509959689876394112 * b58 + 100712122143155296520720649486248978550906947685673055998149230875061090524426 * inner)
253 | inner = b60 * b61
254 | x20 = 37287171075822244213569076204437593470230771088686989616463419667049465052225 + 86059931446864270411562833510952319662672652148401531873124521411313051197297 * b60 + 66820497254966682574009414615136507631903405507474484767648132975390479203833 * b61 + 75604440239310923947583859695423904035042358834907536153090813848498124985533 * inner
255 | y20 = (2*b62 - 1) * (70520995619489162795097764728270449090739518275229869570648015267487619905848 + 56812385211784391241111817861728969595288891994028410841816240905442233765076 * b60 + 78961234671486903519834018376983149815421374929456065327842608272864475083037 * b61 + 67101905276187145319793929027635209318151767552866232752491351741062479875440 * inner)
256 | inner = b63 * b64
257 | x21 = 92052609322910358004278259661558449559961786539854852837116363820422053872321 + 7463958927200229768242436217014281137955085234891030657326467765368760305351 * b63 + 57902654133107036991725878371584542019822208106632718272379801067460673326754 * b64 + 87089336172143096526920794436217950306424448208797418763390634447582016746614 * inner
258 | y21 = (2*b65 - 1) * (63875028040890532234206641476644951560545418856602112667530615132328637786708 + 74573097149450953379116014654558785223691366567829285822605327971597594359120 * b63 + 81253797022240921882025986317081649415559178897718510823904405595427379765413 * b64 + 70815895107453354315192737700702151937590047637594551739261531933822105317041 * inner)
259 | inner = b66 * b67
260 | x22 = 75500503887445573436574808261440124798638489108899351652789661495934561415891 + 103590463289021820789181030352265813822782716611695633714288758874208988917559 * b66 + 35443138471333497758084378078212854361183213296063722640583318872233603525741 * b67 + 103714089231891347924479485981918797096976314712126191350774230854780580407702 * inner
261 | y22 = (2*b68 - 1) * (86849434719933341431325866698220176908366513865113240138529673682486711033121 + 99275594555127292503722078063272315621731871009688471590441574419084032641454 * b66 + 110170994948085977787214478425627169107972122005824849282664715930199076179556 * b67 + 19869205087412985965752200540600804246108448872599294249063457207813684106002 * inner)
262 | inner = b69 * b70
263 | x23 = 113204353759995284784430340380090539747378955079938037943439920359955718500524 + 30817934087081450199938391439236407609091339652282739157053787775103247529331 * b69 + 77031554832317016983585085432696667670959517895946986966190355037167565094765 * b70 + 102986678259989634382821741231551063965576796805556513814511748562198638744381 * inner
264 | y23 = (2*b71 - 1) * (65094110591526636586504395240718126999817779916845898158455933926603139055075 + 90904427973278528046785495648255588199565075600628821571269418124393782910778 * b69 + 20975563672245634772652395433490064591353055529229888757921035730329253653598 * b70 + 100166902518119024491264094313547378282771221008775582969793622904686597006264 * inner)
265 | inner = b72 * b73
266 | x24 = 819670498725456554112562588754253705830087505248311481996166776137683644181 + 35283950506071476396423746509725475413800496392658283195838630665892679200306 * b72 + 34384663129441002707499166135539033121624833124650270646541668548690870382554 * b73 + 7527399733712966693284548651184879618074865760004671494002653440074177087509 * inner
267 | y24 = (2*b74 - 1) * (106106696234261057519684427231031718666217390975338322877766829879287870378473 + 69251685544355784419248908316140957332534829919006959133038919745806269842398 * b72 + 66995697166685670095238124667551658015443349879164046015620407247515778833568 * b73 + 109677797095127090911845578556441421844670281432436497523307992425684461938490 * inner)
268 | inner = b75 * b76
269 | x25 = 82093278653300484835424244236389703932153114583183783819308589719242035919158 + 26466271905950822119863871243747661564497722079607224526845753409410796761554 * b75 + 74181208227381804950661335324163105136575557180795203850912444348851827205484 * b76 + 11708459083500298161783264487406468433968142783229645960683265004479121932452 * inner
270 | y25 = (2*b77 - 1) * (59649796510603955478858302134201615832583226958301001645980921795461748024717 + 80426024508587160477938809918338864515174073229852681539525124207557053086215 * b75 + 51163052337776103418875282364188993810912462623956430237861793419732194923542 * b76 + 6473160374871071214307637786521541533983320114860439884214014926479550267048 * inner)
271 | inner = b78 * b79
272 | x26 = 93317146977034538816679938256202855059139935654063743224411211947712467239113 + 77481247380239134944036813419356974808843212591123536708184150419626167541458 * b78 + 46959511906069386804422049661995651814048809144182976433924020567542708261643 * b79 + 49228774653703476080177684303233968042278562488855900655182337056986240321066 * inner
273 | y26 = (2*b80 - 1) * (97920255547462007488478173892796513533459709638080276039356563523593324282555 + 35319063188642142806624688255832409425743286485547251561383173930053590210817 * b78 + 54475024020355196497136247202939057544108875748500149650137881516204199269083 * b79 + 103815789500224300450268094517213491061433618061452675293402896916919022009111 * inner)
274 | inner = b81 * b82
275 | x27 = 76460648203778005980970586806220805370091498900169392227999588435840881599864 + 93822012378400213736388573435534903985013213290396124135861872209282660511240 * b81 + 3671892689548123753582266626618078509520149103068875119939022146046783382798 * b82 + 3256584210891479938442124044747851942230589896920990735170835890203566439189 * inner
276 | y27 = (2*b83 - 1) * (65848209820894434303755686302378543768394481761358784680476119288309164221669 + 80541552340220915530631336245465493888290816891186171409747345434292701252711 * b81 + 106656416944763813516559775741704422577562294833875960255888758479101444170654 * b82 + 91029414804221924727713120349758355860795622265610861693883255862613194233637 * inner)
277 | inner = b84 * b85
278 | x28 = 105285567640439227525766996746803069373293855148223941823151696657025145098361 + 64417063655136724926017637092636715201710979209986694941999437811581431931481 * b84 + 53732696674767352086201593042983321694325727390422611230649098249808623723172 * b85 + 73901245828176319063592276728523868059189305926432855364272709254203061593107 * inner
279 | y28 = (2*b86 - 1) * (75575707347216773461746955738914903470636117020328119917864329471484966831563 + 80029778249800507136391190994137280123305641344152837075695145764448627475513 * b84 + 10804841045732828531382320510121818732321866813171756291714597153345628883659 * b85 + 25967494399461557273238856921252239580540746613066505891911647578489365215163 * inner)
280 | inner = b87 * b88
281 | x29 = 57748148607103520875345230372566869390288332192359485016834155177911020237260 + 77773448685005414655626556513338970992017264425900963392724233004915120238993 * b87 + 18847555747165493508741619153709981275277773518330985014247630304682791583314 * b88 + 23764597397255149832530022401740840894148071415477554617805387433444925226202 * inner
282 | y29 = (2*b89 - 1) * (92993941910695366629046487282642134385343171741782044869246096402242727960215 + 8351638178645459997409271560885827840146364816304394633673621426276253695730 * b87 + 19631111971654327133842432024810842643062998576782468406583984140686401460128 * b88 + 97016602767268434815735483564854760677733262259578373146729908205381524459304 * inner)
283 | inner = b90 * b91
284 | x30 = 115014892427297465363145553985518283542829877579979522503366995402926389315933 + 59030630864184543959001569794247737174774290077644691506120908528593215914039 * b90 + 52532755510654189538115480396987998384952626128830699693342251995372759788839 * b91 + 62339063845645444776262210008051612997815446619717202727711962293400568272543 * inner
285 | y30 = (2*b92 - 1) * (25959156617872119272551294645911557729188406226594131128012408717847432972539 + 33576230181298812077510381218621973343325522061789963517267246561272185415371 * b90 + 13787187070592742063025114167910675315623308232361500846357339811350822732724 * b91 + 110257429281630525208169516704072962257690515920779064291480589770671909280016 * inner)
286 | inner = b93 * b94
287 | x31 = 42529372156416565174016740688551634802805600689426030963088563816643069531500 + 63562432453065367981891369672445732521261185255626438449104564702062183865881 * b93 + 111701791699587389723920764174185142500237491784919169230193147504761848113921 * b94 + 76478667734985052599201660823917358607795064027165245244649528032000616851840 * inner
288 | y31 = (2*b95 - 1) * (84005935610929373283805580190469180016605069999905896626248533828783693231818 + 58210439882862773306950913144274238331288816692586756657348274726756746332506 * b93 + 74782244543259546156367355447307160696842520630553859952100378075759981854248 * b94 + 110329060384797752559238542570631953612942568831817245802428122092341129449088 * inner)
289 | inner = b96 * b97
290 | x32 = 25852595897615661713507878328504604501389071456820009650792356543315148729263 + 22291030752922571748887664350332099401024046616876556064160360804394263144670 * b96 + 52676984621356736531221893820046489288286834371715988720252075850058765235325 * b97 + 66920444285354553013494447714397256872348047183567632666084067728603095297301 * inner
291 | y32 = (2*b98 - 1) * (99083261191999365932705008841818825796525605108260215762176696203976491618576 + 112325627246846400720520458963846110156089644452408340034162040883322990672329 * b96 + 90238430537519121886087208696519973012843336853997833689672497356475404362561 * b97 + 115329145795292195899937844117801591257021785856516186181516482344797267905718 * inner)
292 | inner = b99 * b100
293 | x33 = 23595081766641848058162346172047954137622667792491374981114239268572883464000 + 30922761392313284061432144531987082242146273738724333795926818640866802751146 * b99 + 26836850301949061648104592831434032632713235628078523325803759671033927788727 * b100 + 28310590795668327035395835093335440062777901616850370892161154770926835315892 * inner
294 | y33 = (2*b101 - 1) * (60139666614572381956151718915499714988492630952552339293306772309556984971272 + 1738434638955933305045032544615189666279173224415780052319051385670898890629 * b99 + 64445434087494199090559025024149832403722421086978078383113736093058061210111 * b100 + 23745760138276702560092923050607104022376194552377041830398364270624734792257 * inner)
295 | inner = b102 * b103
296 | x34 = 87415851301863577359747084894019718402589012763931573784970680776788797834801 + 68907306868854968080171713782317898394227350921018631208557445918008000505993 * b102 + 28278640661608144368306827876219471543317427992470051893082410751120532235427 * b103 + 34025238695971691157716032546213282875085080322258330217489020546973442845746 * inner
297 | y34 = (2*b104 - 1) * (46220819364700379108310858959400366298268533708151522048160176037166959545484 + 47746654108064511954164153296077019796752459431748808466472572784255738142514 * b102 + 28161407884889987519505172779620038742191028278169893912218647179876075454724 * b103 + 57731980259655689222278852792460130703980586186305397519584240421019080157191 * inner)
298 | inner = b105 * b106
299 | x35 = 75139002021034440677616703173557791168955783116383231594222017124643974622906 + 50178707317920195748640253743144694309303980539597381829669916669974740953677 * b105 + 41128078761034078940932209245158198370470971523097552255537630797888603615502 * b106 + 39124741911659227688154726593126692130704023811306197586297880697439767341871 * inner
300 | y35 = (2*b107 - 1) * (45804783314262931051644481953964837786230586342602256628322906230060797506863 + 3361155935184376291807743267532868065801010086292912163679284919039727432775 * b105 + 16883019488662664233638217409831010119122831313401102852548717255502483052963 * b106 + 111961475017894809087888688776551466245312804506723966002370250166424108368417 * inner)
301 | inner = b108 * b109
302 | x36 = 34976461494435923632404053650426321555158974563953239853630658632997717762485 + 66928157926901938227016653416898104286452897856288253887698834081089649516757 * b108 + 60686376858356373172484955465967100012974488548830580945048325809236527749707 * b109 + 111900851895130325560741551493917694606602699227850444338017728217919880366591 * inner
303 | y36 = (2*b110 - 1) * (31468172362709649154876111495870315999135824051344638227627621269774082140847 + 4990315755020092083297864576016918467230286483236428670046031311045637568382 * b108 + 97838913752922795284187694926745802424162506400270436544367973223487046797775 * b109 + 36057319828185773736619944749389808901021518639940301343997618512595507108398 * inner)
304 | inner = b111 * b112
305 | x37 = 110412345823943659756431611286523766375675872737261314756735956439409287623459 + 41029906576727511064483335517641226677999220987159650726646125513474083641797 * b111 + 22675765386652275421687108960308568357836169003279859010287950253248754886844 * b112 + 45030489973094382744242901041052905522736317817017801528850464692639483388571 * inner
306 | y37 = (2*b113 - 1) * (103696429850474030655708041487376760311845344413339763399446400274783596352045 + 84638555843872732853156035301107615840452442728647952878392182752785147030634 * b111 + 111381999418106300868480672981103354227169300290799471781829353467657548686922 * b112 + 56014435862801530781394496599409493496601498347967155558394378238784798226359 * inner)
307 | inner = b114 * b115
308 | x38 = 52789825572545541399243718625059297032252858268410906443026631337033842697499 + 74503673141289195024115157066392322274131800682324337812007534860041163238194 * b114 + 98396877312762572193736478393368914925083837734762790613815571048759191756453 * b115 + 11735670751328152418010549009932966774485853275663867618240521444995385735248 * inner
309 | y38 = (2*b116 - 1) * (65936880275105979766757928055287754710384640950485784092018541784482265410689 + 90301228756868795953582049826193806014129071262596328647299685846162528619157 * b114 + 94058076482209892069950775199805068379958912453019469014499046437560286912787 * b115 + 75470785699880257541764199558274588195443711325855017655849494093132292666114 * inner)
310 | inner = b117 * b118
311 | x39 = 78626029347511060453396874059032179533462228189009077313313805821360916479069 + 103338421461429012015096334363123612310767217238418541023616363883092350336124 * b117 + 53836225369381261109710143287134573186608239238642935093231462113444143936999 * b118 + 77252235398375262415443775718626423042110581333613519776189319589784009498170 * inner
312 | y39 = (2*b119 - 1) * (11107655061641085623894919418808074377378635105715140355158903776946137186001 + 49112462242675666150768858216612274237691514669853621099932825311746697680917 * b117 + 80549184742722150553348899777973421927005836553173839240679494734498412793343 * b118 + 20512894572077091203523691242494347815238955470691159406072807711108243152098 * inner)
313 | inner = b120 * b121
314 | x40 = 57325115679883891245570004440973960197563952176711901458111881686388551015673 + 92326703235967732455706142477897679531843716876520718612025416271680471971549 * b120 + 105732344581578782503949331390887492876483036986058355844753998073266307579568 * b121 + 37767653573604103525270209985459813477962226232430174595131659679527390249336 * inner
315 | y40 = (2*b122 - 1) * (60342902662387519741647611116072205721852432606960633956341267946555167329230 + 23456096830600436107839684355703184088740594131301235847497084427560876570948 * b120 + 3406443015584795013730904032311773437526198888104554987498490817573468426221 * b121 + 51742641061209524931574079247397147265773526469986202967411843895692956125625 * inner)
316 | inner = b123 * b124
317 | x41 = 86900084386997005549044509483085139668854701568048589099387442706949069474530 + 107723011109702541299705058041143558146337558887219437055510199677443823488339 * b123 + 86861173365284062320273816875614272203110656414183021175559169401337470798326 * b124 + 34658583851901226566764154273930690009575271537354730184082308752364534964840 * inner
318 | y41 = (2*b125 - 1) * (72848193820263119054572249408634403887221328866546275155532932002554716982015 + 100241246162270079489338371961365348880989111239136863919554653119089434808805 * b123 + 87234996233572331034894739129338383784953281283888197096330753903879305170467 * b124 + 93650258659847030758122848535616412916568316964406369989196531158113978550056 * inner)
319 | inner = b126 * b127
320 | x42 = 68993274464871341857706253975928468058535574908374417979570638826822718511713 + 93749895165478994921238426334818598253676231361268129300721589909026154341559 * b126 + 2428682502231945236494912514962021786132157153495452626493868963573146764137 * b127 + 57522144673840301058263874473169780854977025701364947877009487178686067760987 * inner
321 | y42 = (2*b128 - 1) * (58384990549119489105681012049087421229967291229545620600540393350330803398915 + 65551509655160251498238428846200030328434066638989830711810197082867876371497 * b126 + 107400292086110403013842220808153381478226576226813804709092093428751159485543 * b127 + 79149406139812940000970341213103049307970740482201965683280895231402976770775 * inner)
322 | inner = b129 * b130
323 | x43 = 3892867714565978917529849681733796044415796411026145753887154989237000520407 + 62152649349020519662854824391428997947889060785067917981775014381063817244503 * b129 + 50461780059858096675339690573513155246139887312382865037010872459737910199787 * b130 + 73724264742566630659262589843976877629590168901832038955581842681505071277528 * inner
324 | y43 = (2*b131 - 1) * (44051696373305205741993288478136983497706156210585274764186964401983602903539 + 84743822489376537097799156850773120456267554945941838085911422075666098752152 * b129 + 79260676722898476382794857351544160830834034238063229848152884572340048350125 * b130 + 36481615204886465653029858186727315746368620832484861483817063505848112358209 * inner)
325 | inner = b132 * b133
326 | x44 = 99196084586266508671450098214774513808844273973675770013883552850808363100554 + 73358637834577344628994754063727252010892169935240380158522029218015317406960 * b132 + 58557077726571837980213262599228805991939759024789240389678826742229415544675 * b133 + 31633179224822212700047573498231969469714971407582932928462726086910275183458 * inner
327 | y44 = (2*b134 - 1) * (94568621828316400253135383675822949073145812480561158733100135480982233477421 + 113147471480993515805119853552694696343416922509606487565054140084561589330182 * b132 + 44285076462358958144402803819661954819573205358356468908303696501092979360041 * b133 + 61864642686609735696236897146396733840801557805084228498084041956948041430618 * inner)
328 | inner = b135 * b136
329 | x45 = 58054967612158427405700602781365275448858867180883236765020356449037432970354 + 38505492516593544322423450881689167345067349095151410563902901974996904379043 * b135 + 93075221701152587110568650456745886813529163590135604891333151357384720494640 * b136 + 112021938130271887593156813827001973257162181482471310339586891330252425714121 * inner
330 | y45 = (2*b137 - 1) * (92666389014279986688806596895448539679033011888280944182187550380843489014359 + 89107075153849093222471248876224219050505999669276670307380948373526700221984 * b135 + 113061224410488037964982474807301126263134077701861523865887281935421668590214 * b136 + 107741037188205298135554460840403126774869706627941395508479831721363562102337 * inner)
331 | inner = b138 * b139
332 | x46 = 56845688851259932791029211833453304880479467041169171231342237933907484745603 + 34181165091268455566512516066247910094442783377563303440629805607635112067175 * b138 + 69930455892973159964365209089600683488359031706036387591795560310258156416814 * b139 + 47959132733719009515128335791857433192058337219597660875028986221262515598704 * inner
333 | y46 = (2*b140 - 1) * (39623598026200935473099965900366495866970395105357011160816337407508939653958 + 99889411026812559207560074670535477328581535627132862563589224558160952448124 * b138 + 100611554500958549276194939286204812658960337168450932006638869723243608035504 * b139 + 98641546375267806598552077800661251500612358603394852610657733271430024508668 * inner)
334 | inner = b141 * b142
335 | x47 = 92242945469987961757927266952823568185295644654792157747106008188193502412968 + 109487749023073530280718575732329875479248215295799346359506945171067309025786 * b141 + 94326252046737935868816683878714765029991804600067987129889990946198345155699 * b142 + 49447955690080149920320583842330756749578326829742173472594946895964706880584 * inner
336 | y47 = (2*b143 - 1) * (7646222959151540482755319894233823066938494494402530887710894580413559084568 + 21586946311356482232325491379494562274844255371141590461368280558593865891242 * b141 + 23608578961029173547226561965593128882110211082551699088057833299020752528361 * b142 + 107055307621967024644341405483598780483004329266985381807574225045554566015654 * inner)
337 | inner = b144 * b145
338 | x48 = 15208254283395187615479620309247998474727361372877848085565552525567855685961 + 97668680706528759701525575651396907285640097779545320009451707773395867393795 * b144 + 102270419445851111652486321386078490523880878695611221343762871755536955050569 * b145 + 76109597036487094582754796294013628123871870481851874664639429966386559648889 * inner
339 | y48 = (2*b146 - 1) * (37481874966610980958833687217349115658523570354602823546145195784805566439451 + 51924841265989896955582577587612020067455271233033814832023091904664952365506 * b144 + 67837815634908346081231798701077434954638141248782898889693883409715124367304 * b145 + 85886871105591144230430703722165603886713977873642147511237794974950073822485 * inner)
340 | inner = b147 * b148
341 | x49 = 81555967157258454460196129571720669120316820232287098038192533754165354083587 + 88047169869227933455364679015650545087995015034497124859934758676248089091229 * b147 + 18258270386907736156213852179914711074781787228509905817854606405362433831393 * b148 + 114362801408154267251219047620347335404517043037860492619430813630550117225906 * inner
342 | y49 = (2*b149 - 1) * (78168700853572553514785355998243689151945745252723076179145518103285160689138 + 106085205350315424386055069137499602876180540862980921152451198331930175244321 * b147 + 11267441815545302499663093659699859252625860127032595490254706282084873266579 * b148 + 12381050870301825806219841809142888203623688097211972261303046910895186314666 * inner)
343 | inner = b150 * b151
344 | x50 = 17869353712353515018564372557492811081474983046759000169160112394894175259549 + 27827016775997858857471136893958674933052195673792284857519496227969075597212 * b150 + 115620005382722356911280232765292578022063590837845654064025395747664417441693 * b151 + 111314273597552139321170320332766700657223613145803657725760057914402856899424 * inner
345 | y50 = (2*b152 - 1) * (6203691599441531944709854749960319345778876445249804595908860496616030069432 + 58295034494004706696334276875211281073653392639877401080254496641396013220505 * b150 + 44017291644345935458174141856028643888883110822826613328050670384584118603598 * b151 + 79537596427891049283314547961922065996858894982933204874596018170808694233573 * inner)
346 | inner = b153 * b154
347 | x51 = 58994093321861136317629977085449167453770668986728987071736846371996944501871 + 87054649756756938233205556916865387540294333128090566112563544655416564109281 * b153 + 107323992459597169303757695055720233108956117063358619589868406440329809849784 * b154 + 64088158353453496576517240212731977787574425289496296320564028619841652043472 * inner
348 | y51 = (2*b155 - 1) * (64656509373709055355139084135690264887577288432080996253925281455397206377061 + 6787561111194538170856968535250050298549981437973028150141478298627424226935 * b153 + 48741999639086143761370656927024333094316743549350002511203494781279026032607 * b154 + 112163800033930197665314646170218221669926218910370550406709778719562353182550 * inner)
349 | inner = b156 * b157
350 | x52 = 45887223693317418651309606300853873815611561443116499658138315788823502360285 + 115227630754003360878675122656960449895522478198613300433147362861688477055915 * b156 + 8169632809257662559377631008250494162464961264590053024627992966336570328923 * b157 + 43346583929464740166501236457946277561284511456516078673850177408204488829905 * inner
351 | y52 = (2*b158 - 1) * (69296484324986829636576254840677913888020201824438150251005049259863118294505 + 37216385294547428148219543635057077983929255445612216124026537516315598199227 * b156 + 114015856000511545833181422040028147241840429857269276130026808845591902652469 * b157 + 88853812738735505563201019800427742544063654386997629341816440822067835856497 * inner)
352 | inner = b159 * b160
353 | x53 = 9317115755266900422884502125996360521600871876650694692974645248721512062613 + 64145684353332986715743874048295256350470778702683406414496846331204887020847 * b159 + 104616875171229161396937987249612283859114822571163011251964647526181675959515 * b160 + 12418992367030337241506310411374453817123993535953619349538782800442570303889 * inner
354 | y53 = (2*b161 - 1) * (52798507651060309623919999735862328933076847198279295495925473351256058450918 + 60423727545111697882641187414277788124724350154968519687739605835619553449626 * b159 + 100874989086947284018176077941069077009114113621209971144405385645985354211736 * b160 + 95971632025513393044089848121585349294609213187468791612286081551563545540879 * inner)
355 | inner = b162 * b163
356 | x54 = 39839253912630740583536841359135441038155005388262152634814013065875215357283 + 108453144181615174182586209123366122940713791177302448148211019554080409241075 * b162 + 64568976066877416289199177458757476126024668213496943610967378438510355982134 * b163 + 64100440923824770893891257936439409950074987748504228639125747348732810474333 * inner
357 | y54 = (2*b164 - 1) * (29077362423961533714183719418931273405550299776477289372526746224963313820808 + 86621435194712049548903567827859018522922697553025610706858939838055398230699 * b162 + 102700691900809584662832962278931286347117960230802920208636351160996817310369 * b163 + 930085293863244575975281835955944740905473062568695057870958426962999354533 * inner)
358 | inner = b165 * b166
359 | x55 = 103904875190193639717742757177160042287000995906770700802631536033478358253918 + 90210159456038036965798045908117558610414057587946542807403165285324104556874 * b165 + 64676621149727673512663369492751916368161090120724710413640229701482898787782 * b166 + 44391283415546651217735960154010547046401920927290285739726305195321480132106 * inner
360 | y55 = (2*b167 - 1) * (69147103419145471739245368407464088312437257646300394029688741168207940815275 + 99573729327451277849789140585569807059151984614219307691942376384586135788714 * b165 + 79335766377643906864513200793915195214314564567150058722269316443838687855992 * b166 + 111731667481011587138563098750121324263839184287457310805370204911204861140992 * inner)
361 | inner = b168 * b169
362 | x56 = 80276288800164408840321470203924756977962186770373747537799085560626593813738 + 2393095001528275465162718431352376542352335464942993158582184210529385392349 * b168 + 52199167517149491370441095544831189086080224135444728507446706515045578047259 * b169 + 52121382853786090719523007231696632121884742645990627591112653344175193910289 * inner
363 | y56 = (2*b170 - 1) * (95066749609397964625558826820574860972355653516977147727504424242107151319587 + 76220865473681503478143203870055330792503500233327543228901639454351231518150 * b168 + 47308896428418877566761710306147518848615433081846458221140273861344347041426 * b169 + 78738552973135592049912401134582337091009903317165935873605625816638828549355 * inner)
364 | inner = b171 * b172
365 | x57 = 67057095087723953348417742659349788845328125808703023379017582216013165255241 + 87010611251084657921043062350518973361897979366611004559070343077913319776195 * b171 + 100283730426818669588023163799514348286356351669206659923974253054991919225875 * b172 + 59138665887739122428902481933918091785774779924611085841591345912658896096902 * inner
366 | y57 = (2*b173 - 1) * (108802839865163676725108651197545318012913597855608928798706903875554029463264 + 92875017335532815586826429760189215285627198260232058264054224404041407756807 * b171 + 41077028047738608960826239630402074858955230129035953542857273807325176455309 * b172 + 94507571017695574392097793981172396214650064116076916647444826248382501483251 * inner)
367 | inner = b174 * b175
368 | x58 = 19575710839727739962413189117506001222606117763719813387750060733387644908349 + 80858316643853046178869350435411232939187025806211828293284771843089125522305 * b174 + 86154720473302811559136149393223544253783346502294776690451079262012905051271 * b175 + 13250988150733642408599152994480317187238402280681580986641910161294349900242 * inner
369 | y58 = (2*b176 - 1) * (103449031295586103655250907032815028373594201731218689203262870964210961724768 + 2694619724061015117659481774766862966790645904395670015439782179508605210178 * b174 + 39976182548015803381503515094623888235965500452731089513476035859719158896181 * b175 + 74055412789604096024175975264525866993992232070397982050120456220349503947424 * inner)
370 | inner = b177 * b178
371 | x59 = 39571199594473524135658818831751408457383943656415015011117027201656965453851 + 81433318441425070877703769042632147361257593142432343538078928878974503328457 * b177 + 89012587899721792714217457590132500342618145002616683284726602138289488231196 * b178 + 76849261398678294704106803783334260496057075582715070989927286835253239494226 * inner
372 | y59 = (2*b179 - 1) * (55226159257224959136844491665475988643314380438855661875663106302044535751712 + 28859193303840854336522128158614974550611247139609282856737549470319105668594 * b177 + 84354458674533520506399503670279535440232140359184557000710038989402950867770 * b178 + 93547368753105463991997292529674016287994316025280257949972360623933642917923 * inner)
373 | inner = b180 * b181
374 | x60 = 90865239730649292471029143571885117891450598207108019133361273416317191406424 + 71136761326992068609510349370297610934479131593025178120252839656273765207589 * b180 + 84324763063768518216445065072993158987249929312355394064080794687837447617661 * b181 + 14566195049043013009648687119588224852866499867571602713207181561804535423968 * inner
375 | y60 = (2*b182 - 1) * (24850273383598002318419278925559344620874000998334502998812290213256168497349 + 72285625508909247169192453052402018050497829037067930332177400919882867192791 * b180 + 39282118417108292589403845144105405756995757225882677154253307218411113196635 * b181 + 69210333172502580298566649823627242925032946934727353074510741867605503995012 * inner)
376 | inner = b183 * b184
377 | x61 = 88504378746855846647664227265846367020376435795035527084078063278259045463156 + 69540996747488627498305912965365941250744580810531652323709149554007597494092 * b183 + 27131690900103694055977278178216879441492880632605107320167331024463183551705 * b184 + 74296257087543079234008057772100940858453288501546455114460497800475694889677 * inner
378 | y61 = (2*b185 - 1) * (38043017789479404006015565885345665318533936067370574730025574748665681395123 + 46278953227712111735513016524791576891828225381567089681805830342652555158757 * b183 + 106308023740993921736660559846871378389161881586925412457278542481536713626919 * b184 + 9331203705460417341026079885836966541953768455452090737129759361764784859650 * inner)
379 | inner = b186 * b187
380 | x62 = 6415677169993245657052432967776296880676217124922265979504880009689737624758 + 2504172088322278019201167702946202043376974630874991305689367724531509905313 * b186 + 41919235130630449610851238809217704112776933544948880064368969179767940151413 * b187 + 115462504513992345142306362110239398127616816394951724089771355819079379842497 * inner
381 | y62 = (2*b188 - 1) * (97023383800431547679515046578922805649303232101382158773498127245922618045763 + 75974351980698836213210739690368325280271369893548870846856619095929093519360 * b186 + 20884000558417362351510002060307483934620354381681755124872032230813824301038 * b187 + 10782615496162896747638148893468350686333681798139423466914772569466834895962 * inner)
382 | inner = b189 * b190
383 | x63 = 353461101228551709747828867604698926073377812189791853490455075161166896069 + 30754668212903425206212664201125917454488304624297668599919154437387438342268 * b189 + 115787201364162142824885846856462909097938455294929512602730068519939798040436 * b190 + 20617481936459262284756789658338909336471513008947023804226005056968553144487 * inner
384 | y63 = (2*b191 - 1) * (2218151703455110134214032338968378386543281624437015443531392532917483321044 + 5915438803987447297327122372386133947562895755841811573583636678450943497671 * b189 + 100749979968728632943360831673240941189874329461917221241734285008903543124776 * b190 + 63167561126170086973067296038559673793357474136316534477699655150641531695976 * inner)
385 | x = 98920999663769557909921817133412923145767134170189877373622124581951687667988
386 | y = 52837356900229520461200832177685861963258612432511035181039240650660902415497
387 | xd = x0 - x
388 | yd = y0 - y
389 | lambda = yd / xd
390 | x = lambda*lambda - 2*x0 + xd
391 | y = lambda*(x0 - x) - y0
392 | xd = x1 - x
393 | yd = y1 - y
394 | lambda = yd / xd
395 | x = lambda*lambda - 2*x1 + xd
396 | y = lambda*(x1 - x) - y1
397 | xd = x2 - x
398 | yd = y2 - y
399 | lambda = yd / xd
400 | x = lambda*lambda - 2*x2 + xd
401 | y = lambda*(x2 - x) - y2
402 | xd = x3 - x
403 | yd = y3 - y
404 | lambda = yd / xd
405 | x = lambda*lambda - 2*x3 + xd
406 | y = lambda*(x3 - x) - y3
407 | xd = x4 - x
408 | yd = y4 - y
409 | lambda = yd / xd
410 | x = lambda*lambda - 2*x4 + xd
411 | y = lambda*(x4 - x) - y4
412 | xd = x5 - x
413 | yd = y5 - y
414 | lambda = yd / xd
415 | x = lambda*lambda - 2*x5 + xd
416 | y = lambda*(x5 - x) - y5
417 | xd = x6 - x
418 | yd = y6 - y
419 | lambda = yd / xd
420 | x = lambda*lambda - 2*x6 + xd
421 | y = lambda*(x6 - x) - y6
422 | xd = x7 - x
423 | yd = y7 - y
424 | lambda = yd / xd
425 | x = lambda*lambda - 2*x7 + xd
426 | y = lambda*(x7 - x) - y7
427 | xd = x8 - x
428 | yd = y8 - y
429 | lambda = yd / xd
430 | x = lambda*lambda - 2*x8 + xd
431 | y = lambda*(x8 - x) - y8
432 | xd = x9 - x
433 | yd = y9 - y
434 | lambda = yd / xd
435 | x = lambda*lambda - 2*x9 + xd
436 | y = lambda*(x9 - x) - y9
437 | xd = x10 - x
438 | yd = y10 - y
439 | lambda = yd / xd
440 | x = lambda*lambda - 2*x10 + xd
441 | y = lambda*(x10 - x) - y10
442 | xd = x11 - x
443 | yd = y11 - y
444 | lambda = yd / xd
445 | x = lambda*lambda - 2*x11 + xd
446 | y = lambda*(x11 - x) - y11
447 | xd = x12 - x
448 | yd = y12 - y
449 | lambda = yd / xd
450 | x = lambda*lambda - 2*x12 + xd
451 | y = lambda*(x12 - x) - y12
452 | xd = x13 - x
453 | yd = y13 - y
454 | lambda = yd / xd
455 | x = lambda*lambda - 2*x13 + xd
456 | y = lambda*(x13 - x) - y13
457 | xd = x14 - x
458 | yd = y14 - y
459 | lambda = yd / xd
460 | x = lambda*lambda - 2*x14 + xd
461 | y = lambda*(x14 - x) - y14
462 | xd = x15 - x
463 | yd = y15 - y
464 | lambda = yd / xd
465 | x = lambda*lambda - 2*x15 + xd
466 | y = lambda*(x15 - x) - y15
467 | xd = x16 - x
468 | yd = y16 - y
469 | lambda = yd / xd
470 | x = lambda*lambda - 2*x16 + xd
471 | y = lambda*(x16 - x) - y16
472 | xd = x17 - x
473 | yd = y17 - y
474 | lambda = yd / xd
475 | x = lambda*lambda - 2*x17 + xd
476 | y = lambda*(x17 - x) - y17
477 | xd = x18 - x
478 | yd = y18 - y
479 | lambda = yd / xd
480 | x = lambda*lambda - 2*x18 + xd
481 | y = lambda*(x18 - x) - y18
482 | xd = x19 - x
483 | yd = y19 - y
484 | lambda = yd / xd
485 | x = lambda*lambda - 2*x19 + xd
486 | y = lambda*(x19 - x) - y19
487 | xd = x20 - x
488 | yd = y20 - y
489 | lambda = yd / xd
490 | x = lambda*lambda - 2*x20 + xd
491 | y = lambda*(x20 - x) - y20
492 | xd = x21 - x
493 | yd = y21 - y
494 | lambda = yd / xd
495 | x = lambda*lambda - 2*x21 + xd
496 | y = lambda*(x21 - x) - y21
497 | xd = x22 - x
498 | yd = y22 - y
499 | lambda = yd / xd
500 | x = lambda*lambda - 2*x22 + xd
501 | y = lambda*(x22 - x) - y22
502 | xd = x23 - x
503 | yd = y23 - y
504 | lambda = yd / xd
505 | x = lambda*lambda - 2*x23 + xd
506 | y = lambda*(x23 - x) - y23
507 | xd = x24 - x
508 | yd = y24 - y
509 | lambda = yd / xd
510 | x = lambda*lambda - 2*x24 + xd
511 | y = lambda*(x24 - x) - y24
512 | xd = x25 - x
513 | yd = y25 - y
514 | lambda = yd / xd
515 | x = lambda*lambda - 2*x25 + xd
516 | y = lambda*(x25 - x) - y25
517 | xd = x26 - x
518 | yd = y26 - y
519 | lambda = yd / xd
520 | x = lambda*lambda - 2*x26 + xd
521 | y = lambda*(x26 - x) - y26
522 | xd = x27 - x
523 | yd = y27 - y
524 | lambda = yd / xd
525 | x = lambda*lambda - 2*x27 + xd
526 | y = lambda*(x27 - x) - y27
527 | xd = x28 - x
528 | yd = y28 - y
529 | lambda = yd / xd
530 | x = lambda*lambda - 2*x28 + xd
531 | y = lambda*(x28 - x) - y28
532 | xd = x29 - x
533 | yd = y29 - y
534 | lambda = yd / xd
535 | x = lambda*lambda - 2*x29 + xd
536 | y = lambda*(x29 - x) - y29
537 | xd = x30 - x
538 | yd = y30 - y
539 | lambda = yd / xd
540 | x = lambda*lambda - 2*x30 + xd
541 | y = lambda*(x30 - x) - y30
542 | xd = x31 - x
543 | yd = y31 - y
544 | lambda = yd / xd
545 | x = lambda*lambda - 2*x31 + xd
546 | y = lambda*(x31 - x) - y31
547 | xd = x32 - x
548 | yd = y32 - y
549 | lambda = yd / xd
550 | x = lambda*lambda - 2*x32 + xd
551 | y = lambda*(x32 - x) - y32
552 | xd = x33 - x
553 | yd = y33 - y
554 | lambda = yd / xd
555 | x = lambda*lambda - 2*x33 + xd
556 | y = lambda*(x33 - x) - y33
557 | xd = x34 - x
558 | yd = y34 - y
559 | lambda = yd / xd
560 | x = lambda*lambda - 2*x34 + xd
561 | y = lambda*(x34 - x) - y34
562 | xd = x35 - x
563 | yd = y35 - y
564 | lambda = yd / xd
565 | x = lambda*lambda - 2*x35 + xd
566 | y = lambda*(x35 - x) - y35
567 | xd = x36 - x
568 | yd = y36 - y
569 | lambda = yd / xd
570 | x = lambda*lambda - 2*x36 + xd
571 | y = lambda*(x36 - x) - y36
572 | xd = x37 - x
573 | yd = y37 - y
574 | lambda = yd / xd
575 | x = lambda*lambda - 2*x37 + xd
576 | y = lambda*(x37 - x) - y37
577 | xd = x38 - x
578 | yd = y38 - y
579 | lambda = yd / xd
580 | x = lambda*lambda - 2*x38 + xd
581 | y = lambda*(x38 - x) - y38
582 | xd = x39 - x
583 | yd = y39 - y
584 | lambda = yd / xd
585 | x = lambda*lambda - 2*x39 + xd
586 | y = lambda*(x39 - x) - y39
587 | xd = x40 - x
588 | yd = y40 - y
589 | lambda = yd / xd
590 | x = lambda*lambda - 2*x40 + xd
591 | y = lambda*(x40 - x) - y40
592 | xd = x41 - x
593 | yd = y41 - y
594 | lambda = yd / xd
595 | x = lambda*lambda - 2*x41 + xd
596 | y = lambda*(x41 - x) - y41
597 | xd = x42 - x
598 | yd = y42 - y
599 | lambda = yd / xd
600 | x = lambda*lambda - 2*x42 + xd
601 | y = lambda*(x42 - x) - y42
602 | xd = x43 - x
603 | yd = y43 - y
604 | lambda = yd / xd
605 | x = lambda*lambda - 2*x43 + xd
606 | y = lambda*(x43 - x) - y43
607 | xd = x44 - x
608 | yd = y44 - y
609 | lambda = yd / xd
610 | x = lambda*lambda - 2*x44 + xd
611 | y = lambda*(x44 - x) - y44
612 | xd = x45 - x
613 | yd = y45 - y
614 | lambda = yd / xd
615 | x = lambda*lambda - 2*x45 + xd
616 | y = lambda*(x45 - x) - y45
617 | xd = x46 - x
618 | yd = y46 - y
619 | lambda = yd / xd
620 | x = lambda*lambda - 2*x46 + xd
621 | y = lambda*(x46 - x) - y46
622 | xd = x47 - x
623 | yd = y47 - y
624 | lambda = yd / xd
625 | x = lambda*lambda - 2*x47 + xd
626 | y = lambda*(x47 - x) - y47
627 | xd = x48 - x
628 | yd = y48 - y
629 | lambda = yd / xd
630 | x = lambda*lambda - 2*x48 + xd
631 | y = lambda*(x48 - x) - y48
632 | xd = x49 - x
633 | yd = y49 - y
634 | lambda = yd / xd
635 | x = lambda*lambda - 2*x49 + xd
636 | y = lambda*(x49 - x) - y49
637 | xd = x50 - x
638 | yd = y50 - y
639 | lambda = yd / xd
640 | x = lambda*lambda - 2*x50 + xd
641 | y = lambda*(x50 - x) - y50
642 | xd = x51 - x
643 | yd = y51 - y
644 | lambda = yd / xd
645 | x = lambda*lambda - 2*x51 + xd
646 | y = lambda*(x51 - x) - y51
647 | xd = x52 - x
648 | yd = y52 - y
649 | lambda = yd / xd
650 | x = lambda*lambda - 2*x52 + xd
651 | y = lambda*(x52 - x) - y52
652 | xd = x53 - x
653 | yd = y53 - y
654 | lambda = yd / xd
655 | x = lambda*lambda - 2*x53 + xd
656 | y = lambda*(x53 - x) - y53
657 | xd = x54 - x
658 | yd = y54 - y
659 | lambda = yd / xd
660 | x = lambda*lambda - 2*x54 + xd
661 | y = lambda*(x54 - x) - y54
662 | xd = x55 - x
663 | yd = y55 - y
664 | lambda = yd / xd
665 | x = lambda*lambda - 2*x55 + xd
666 | y = lambda*(x55 - x) - y55
667 | xd = x56 - x
668 | yd = y56 - y
669 | lambda = yd / xd
670 | x = lambda*lambda - 2*x56 + xd
671 | y = lambda*(x56 - x) - y56
672 | xd = x57 - x
673 | yd = y57 - y
674 | lambda = yd / xd
675 | x = lambda*lambda - 2*x57 + xd
676 | y = lambda*(x57 - x) - y57
677 | xd = x58 - x
678 | yd = y58 - y
679 | lambda = yd / xd
680 | x = lambda*lambda - 2*x58 + xd
681 | y = lambda*(x58 - x) - y58
682 | xd = x59 - x
683 | yd = y59 - y
684 | lambda = yd / xd
685 | x = lambda*lambda - 2*x59 + xd
686 | y = lambda*(x59 - x) - y59
687 | xd = x60 - x
688 | yd = y60 - y
689 | lambda = yd / xd
690 | x = lambda*lambda - 2*x60 + xd
691 | y = lambda*(x60 - x) - y60
692 | xd = x61 - x
693 | yd = y61 - y
694 | lambda = yd / xd
695 | x = lambda*lambda - 2*x61 + xd
696 | y = lambda*(x61 - x) - y61
697 | xd = x62 - x
698 | yd = y62 - y
699 | lambda = yd / xd
700 | x = lambda*lambda - 2*x62 + xd
701 | y = lambda*(x62 - x) - y62
702 | xd = x63 - x
703 | yd = y63 - y
704 | lambda = yd / xd
705 | x = lambda*lambda - 2*x63 + xd
706 | y = lambda*(x63 - x) - y63
707 | x == 71870604784181591555737866018535425337975731562884279617359680037736128405828
708 | 


--------------------------------------------------------------------------------
/jubjub-24.circuit:
--------------------------------------------------------------------------------
 1 | [0.000000] Parsing...
 2 | [0.031181] 64 multiplications, 24 temporaries, 153 constraints, 2047 cost
 3 | [0.031202] Eliminating...
 4 | [0.036209] 64 multiplications, 129 constraints, 1975 cost
 5 | [0.036213] Reducing...
 6 | [0.126366] 64 multiplications, 129 constraints, 926 cost
 7 | [0.126371] Maximizing 1s...
 8 | [0.128813] Done
 9 | 
10 | 64,0,129; -R0 + L0 = 1; O0 = 0; -R1 + L1 = 1; O1 = 0; -R2 + L2 = 1; O2 = 0; -R3 + L3 = 1; O3 = 0; -R4 + L4 = 1; O4 = 0; -R5 + L5 = 1; O5 = 0; -R6 + L6 = 1; O6 = 0; -R7 + L7 = 1; O7 = 0; -R8 + L8 = 1; O8 = 0; -R9 + L9 = 1; O9 = 0; -R10 + L10 = 1; O10 = 0; -R11 + L11 = 1; O11 = 0; -R12 + L12 = 1; O12 = 0; -R13 + L13 = 1; O13 = 0; -R14 + L14 = 1; O14 = 0; -R15 + L15 = 1; O15 = 0; -R16 + L16 = 1; O16 = 0; -R17 + L17 = 1; O17 = 0; -R18 + L18 = 1; O18 = 0; -R19 + L19 = 1; O19 = 0; -R20 + L20 = 1; O20 = 0; -R21 + L21 = 1; O21 = 0; -R22 + L22 = 1; O22 = 0; -R23 + L23 = 1; O23 = 0; -L24 + L0 = 0; -R24 + L1 = 0; O24 + 43761614841181848836640060563436836929981077120207297347288494535014373124598*L25 + 32269103446714936439983769262136990710725469005847626272964912432556195438855*L0 + 53470148824566042419568143658779164645897136432324031591105781651996231383599*L1 = -29906057699896301565330867720293440045651680527210179749355355245466869592774; R25 - 2*L2 = -1; -L26 + R3 = -1; -R26 + L4 = 0; O26 + 21014290721093653874050402869616240144839777829078930642127268241692916015010*L27 + 37447708648605002961390823892644286535292237354956047616343665579501453451337*L4 + 30291292020152637070930450826530356553284841560358009904384208293049320970610*R3 = 3307806090697943352187013046080939446504106744877303122448895377828881668212; R27 - 2*L5 = -1; -L28 + L6 = 0; -R28 + L7 = 0; O28 + 39422441130629874788198111655788462774110351529600124115545993295029051645684*L29 + 42917028799385590299700293733507678944889494535724212207609436744993250694556*L6 - 45564479698566953479243735330776442972323193012352683437382744426522131912328*L7 = -57537303999655368353381379047846237190672667758130920911173250734940757149551; R29 - 2*L8 = -1; -L30 + L10 = 0; -R30 + L9 = 0; O30 - 38446424868433796858851842953384746620424815807520879497914956603617301801014*L31 - 55773950624693951415836632983097258152703163972044214177119964811812625388646*L9 + 42482794273324292680092874678191174984383984641774082606360053433037358121899*L10 = 47884199894730878472035943320117243385413378225237965751041148459461640533738; R31 - 2*L11 = -1; -L32 + L12 = 0; -R32 + L13 = 0; O32 - 20250612213942354886483967109273225133396174558391381383748768908480982837086*L33 - 35983571209647853706086730739075165119914702551232554045007545515259548181061*L12 + 27117483234944807967701351106842533279345407430290237698040482616936134755505*L13 = -22018281253581861053712925557970578469951932129283828947133701972620421720784; R33 - 2*L14 = -1; -L34 + L15 = 0; -R34 + L16 = 0; O34 - 54738290663229999556376180381941591409728572269951983360814970035388973899548*L35 - 38390113464447949567018478247914015996794392609991934458921107900552990608806*L15 - 45469769356493839847728822558732421047736844427300279893380599414060356257319*L16 = 53000765232413967642459995975842185807009289459069967701806221699791157485952; R35 - 2*L17 = -1; -L36 + L18 = 0; -R36 + L19 = 0; O36 - 12320138768187974508291363584285074216609603368214935001790842439339971036275*L37 + 34740865249162108051478986261403064912906864596389695303247319120947531371527*L18 + 12175664601132295430302729103693386396167126719610157530009990204420441928720*L19 = 21420281086610913621358425568141701895597951205998987276730877662875130584225; R37 - 2*L20 = -1; -L38 + L21 = 0; -R38 + L22 = 0; O38 + 39845760052938495303348021919394043410619570282327565431181081898719638189068*L39 - 14299728283372120743352157858364495184129865644674696741042732240122775552150*L21 - 7008011890681353439567955538950767071580814263116066399402704863721366867776*L22 = 10547171005689693146329932453634478263969027121644871014500038439056181411597; R39 - 2*R23 = 1; O25 - O40 = -48299285782010984277546132319090397627111951896538861757731290237225845021652; R40 - 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 + 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 + 3363265264840957283186157428945612617240329097799939360463518825408167634185*L25 = 23177059771622734200920270668010317424676771938413839380304100471274429597862; L40 - L41 = 0; L40 - R41 = 0; L40 - L42 = 0; O41 + R42 - 51516127673109386393816398459009443243459283883942664948368606277819222758886*L0 + 22582466753822382779073389479770109573390773792387186616066489900684041180370*L1 + 6726530529681914566372314857891225234480658195599878720927037650816335268370*L25 = 37796029121622316273687516273631511448796945351331127164409162996763916580534; O27 - O42 + O25 - O43 = 0; -R43 - 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 + 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 - 30759539956556623185178837535720172364584628569249377782678985276037466457*L4 + R42 + 3363265264840957283186157428945612617240329097799939360463518825408167634185*L25 + 7224137796052607702389482387318843227054137898881038815935328843778405489389*L27 + 5035688805764254729615047036903177527727379034866312505324239583314225212885*R3 = -10044314862782717792338137300180728089344028692773926647944854077388602608041; L43 - L44 = 0; L43 - R44 = 0; L43 - L45 = 0; O44 + R45 - 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 + 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 + 61519079913113246370357675071440344729169257138498755565357970552074932914*L4 + R42 + 3363265264840957283186157428945612617240329097799939360463518825408167634185*L25 - 14448275592105215404778964774637686454108275797762077631870657687556810978778*L27 - 10071377611528509459230094073806355055454758069732625010648479166628450425770*R3 = -34730370618505709364286923466684622800675789603782084542002191518702610099859; O29 - O45 + O27 - O46 = 0; -R46 + 30759539956556623185178837535720172364584628569249377782678985276037466457*L4 - 7993354946293882984883407724955613885955035550770435753146331886633043177268*L6 + 25387182148104946511679400703038412770234509789355600795301944182112116641750*L7 + 54004687565420328327057699287858693850601179361354880082095422576097505435544*L29 - 7224137796052607702389482387318843227054137898881038815935328843778405489389*L27 + R45 - 5035688805764254729615047036903177527727379034866312505324239583314225212885*R3 = -43332002092804439844970813330290124051811129101169020711980089346319775915666; L46 - L47 = 0; L46 - R47 = 0; L46 - L48 = 0; O47 + R48 + 30759539956556623185178837535720172364584628569249377782678985276037466457*L4 + 15986709892587765969766815449911227771910071101540871506292663773266086354536*L6 - 50774364296209893023358801406076825540469019578711201590603888364224233283500*L7 + 7782714106475538769455586432970520151635205556365144218414317989323150623249*L29 - 7224137796052607702389482387318843227054137898881038815935328843778405489389*L27 + R45 - 5035688805764254729615047036903177527727379034866312505324239583314225212885*R3 = -53814140807430307305578144514611554460547066987745020852702321890192617154823; O31 - O48 - O49 + O29 = 0; -R49 + 7993354946293882984883407724955613885955035550770435753146331886633043177268*L6 - 25387182148104946511679400703038412770234509789355600795301944182112116641750*L7 + 21083723490013023409268859711249867232140935066618250965981738757181533546676*L9 + 35361509647247546400757678737051292023162572769713343992318410794327733283060*L10 - 54004687565420328327057699287858693850601179361354880082095422576097505435544*L29 + R48 - 49695694995130873991915508336242308319685159231177454393336848369454461072642*L31 = 56564427697681006750831429506917360238056964590703019845635385289189387080852; L49 - L50 = 0; L49 - R50 = 0; L49 - L51 = 0; O50 + R51 + 7993354946293882984883407724955613885955035550770435753146331886633043177268*L6 - 25387182148104946511679400703038412770234509789355600795301944182112116641750*L7 - 42167446980026046818537719422499734464281870133236501931963477514363067093352*L9 + 45069069942821102622055627534585323806512418739648216397968341552862694928217*L10 - 54004687565420328327057699287858693850601179361354880082095422576097505435544*L29 + R48 - 16400699247054447439739968336203291213467245816719995595931466402609239349053*L31 = -7818904872671685538699205189468243032012302788907135449387839980733453906524; O33 - O51 + O31 - O52 = 0; -R52 - 21083723490013023409268859711249867232140935066618250965981738757181533546676*L9 - 35361509647247546400757678737051292023162572769713343992318410794327733283060*L10 + 4008061346841079653139067281374852475888520390017366114582429819763451526317*L12 - 42320092346958758040396236331843963273255991391340671627161255111273903515947*L13 + 27051018152262162480782215677769195370591836428356643022128155724055816898147*L33 + R51 + 49695694995130873991915508336242308319685159231177454393336848369454461072642*L31 = -57311127535598469571366002589097992500607340420623408708575936294810670131572; L52 - L53 = 0; L52 - R53 = 0; L52 - L54 = 0; O53 + R54 - 21083723490013023409268859711249867232140935066618250965981738757181533546676*L9 - 35361509647247546400757678737051292023162572769713343992318410794327733283060*L10 - 8016122693682159306278134562749704951777040780034732229164859639526903052634*L12 - 31151904543398679342778512344999981306325581496393561128282652918970354462443*L13 - 54102036304524324961564431355538390741183672856713286044256311448111633796294*L33 + R51 + 49695694995130873991915508336242308319685159231177454393336848369454461072642*L31 = 50238922500844246853201370481810381731145413461636662122128647319698499275768; O35 - O54 + O33 - O55 = 0; -R55 - 4008061346841079653139067281374852475888520390017366114582429819763451526317*L12 + 42320092346958758040396236331843963273255991391340671627161255111273903515947*L13 - 30925179758858758420092819874735141467293633077220787300641083518670966856656*L15 - 33707571304645941338971443993390864549159020866025477546165075696674955507905*L16 - 27051018152262162480782215677769195370591836428356643022128155724055816898147*L33 + R54 - 28577164535188640781590465845702583715167504231203191717700312229510670809387*O34 = 10814196233474167865049515099508495562594842744249364429402445726930995356230; L55 - L56 = 0; L55 - R56 = 0; L55 - L57 = 0; O56 - 4008061346841079653139067281374852475888520390017366114582429819763451526317*L12 + 42320092346958758040396236331843963273255991391340671627161255111273903515947*L13 + 30925179758858758420092819874735141467293633077220787300641083518670966856656*L15 + 33707571304645941338971443993390864549159020866025477546165075696674955507905*L16 - 27051018152262162480782215677769195370591836428356643022128155724055816898147*L33 + R58 + 53317504790820387281667962736454714062800115167062289270597108955310806163273*L18 - 24384704985163662596364158445805620287758811064172727835956989555541490326812*L19 + 48401959718465729902439578533473879812911387872956777157962258478490427591956*L37 + R54 + 28577164535188640781590465845702583715167504231203191717700312229510670809387*O34 = 35916269798090510922666288160452705816825019526264912917870363970386548654690; O37 - O57 + O35 - O58 = 0; -R58 + 30925179758858758420092819874735141467293633077220787300641083518670966856656*L15 + 33707571304645941338971443993390864549159020866025477546165075696674955507905*L16 - 53317504790820387281667962736454714062800115167062289270597108955310806163273*L18 + 24384704985163662596364158445805620287758811064172727835956989555541490326812*L19 - 48401959718465729902439578533473879812911387872956777157962258478490427591956*L37 + R57 + 28577164535188640781590465845702583715167504231203191717700312229510670809387*O34 = 50005387771403869771802054711438677289738048867496429054029328190260630040190; L58 - L59 = 0; L58 - R59 = 0; L58 - L60 = 0; O59 + R60 + 44160425135144966421432903200676234335562781222111963429186163724414256995482*L18 + 42637974281825207634478509671271046989561131086556720874734194474893690513901*L19 + 29413789918080994283747750591733731585896599339795427091281612293953121281531*L37 + R58 = 40883387259124798937583648646754763527591643326097594763014425004452454712417; O39 - O60 + O37 - O61 = 0; -R61 + 53317504790820387281667962736454714062800115167062289270597108955310806163273*L18 - 24384704985163662596364158445805620287758811064172727835956989555541490326812*L19 + 55523921953347453110599909679295050379740274602193759586448132726192800950540*L21 + 9440550144010915001571829578893139615047975752588665233854462274686952592643*L22 + 48401959718465729902439578533473879812911387872956777157962258478490427591956*L37 + R60 + 26588579085438804971624499509232953680269632844229627958343423982473042009770*L39 = -57448109824469310150058164586511689294521086999804858656521825859622411481423; L61 - L62 = 0; L61 - R62 = 0; L61 - L63 = 0; R63 - 55523921953347453110599909679295050379740274602193759586448132726192800950540*L21 - 9440550144010915001571829578893139615047975752588665233854462274686952592643*L22 - 26588579085438804971624499509232953680269632844229627958343423982473042009770*L39 = -16054705641021387516377832947988749511955441263832660259476321039874883868276; O62 + 53317504790820387281667962736454714062800115167062289270597108955310806163273*L18 - 24384704985163662596364158445805620287758811064172727835956989555541490326812*L19 - 55523921953347453110599909679295050379740274602193759586448132726192800950540*L21 - 9440550144010915001571829578893139615047975752588665233854462274686952592643*L22 + 48401959718465729902439578533473879812911387872956777157962258478490427591956*L37 + R60 - 26588579085438804971624499509232953680269632844229627958343423982473042009770*L39 = 56042223311768611330506825759078983775751694310465067952929234622054000049202;
11 | 
12 | Secret inputs:
13 | L = {SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x8622f5f9, 0x83a711d6, 0x35530e80, 0x298ac2f1, 0x287824b2, 0xf76f6474, 0x7f4919d6, 0x2e300537), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x96354875, 0x4f6885e1, 0x0842bb28, 0x84bf9b55, 0xef4c3e4f, 0xcf53be58, 0x83c5c830, 0x1623fcbc), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0xd736927f, 0xa5d8ce90, 0x2e0fefb8, 0xf6364c69, 0x695fb4ca, 0xe6f89ab7, 0xa6f2e78a, 0x9cdfa6d7), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xc64270a6, 0x0d080926, 0x26f781af, 0x480c9a2e, 0x66b6b4b0, 0x4e5e785a, 0x1e63d39b, 0x9e3c266a), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0x1bf48a4b, 0xc6fba45e, 0x571b4b77, 0xfe79ef82, 0x7e6feea1, 0x9ff195b5, 0x91237435, 0xc3f1645a), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x8475ab80, 0x22690b73, 0x7927c546, 0xd6a5655e, 0x79c2fafa, 0x8e341d69, 0x8eee5798, 0x3bd1482e), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x5319cb3c, 0xaf7d809a, 0xcbbc253e, 0x06e8f49a, 0x8058f503, 0xa13be5f5, 0x794eda87, 0x2c6a75ef), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0x42ef18e6, 0xd8dd1372, 0xb0eab2ec, 0x0df75026, 0x329dc47f, 0x450a2adc, 0x40cd4ede, 0xe37b78dc), SECP256K1_SCALAR_CONST(0x3207ab36, 0xdfb378d1, 0x67220c68, 0x72bf3fc6, 0x1809c6a8, 0x7dec0dd7, 0x68d3ed02, 0x325d24fb), SECP256K1_SCALAR_CONST(0x3207ab36, 0xdfb378d1, 0x67220c68, 0x72bf3fc6, 0x1809c6a8, 0x7dec0dd7, 0x68d3ed02, 0x325d24fb), SECP256K1_SCALAR_CONST(0x3207ab36, 0xdfb378d1, 0x67220c68, 0x72bf3fc6, 0x1809c6a8, 0x7dec0dd7, 0x68d3ed02, 0x325d24fb), SECP256K1_SCALAR_CONST(0x33423240, 0x22684b20, 0xa6118407, 0xcd7caf70, 0xa60a483d, 0x35444ecb, 0x37a1da3d, 0xb0e815fa), SECP256K1_SCALAR_CONST(0x33423240, 0x22684b20, 0xa6118407, 0xcd7caf70, 0xa60a483d, 0x35444ecb, 0x37a1da3d, 0xb0e815fa), SECP256K1_SCALAR_CONST(0x33423240, 0x22684b20, 0xa6118407, 0xcd7caf70, 0xa60a483d, 0x35444ecb, 0x37a1da3d, 0xb0e815fa), SECP256K1_SCALAR_CONST(0xed40570c, 0xd608f7e5, 0x296d4311, 0x4915dce7, 0x13c716b0, 0xd8eef5f1, 0x189bed47, 0xe1c51794), SECP256K1_SCALAR_CONST(0xed40570c, 0xd608f7e5, 0x296d4311, 0x4915dce7, 0x13c716b0, 0xd8eef5f1, 0x189bed47, 0xe1c51794), SECP256K1_SCALAR_CONST(0xed40570c, 0xd608f7e5, 0x296d4311, 0x4915dce7, 0x13c716b0, 0xd8eef5f1, 0x189bed47, 0xe1c51794), SECP256K1_SCALAR_CONST(0x1a3f3aa5, 0xa73d71d1, 0xcf329373, 0x6db8f8f5, 0x0bf86a3f, 0x2c9fc29c, 0xa78cc52b, 0x60254ea6), SECP256K1_SCALAR_CONST(0x1a3f3aa5, 0xa73d71d1, 0xcf329373, 0x6db8f8f5, 0x0bf86a3f, 0x2c9fc29c, 0xa78cc52b, 0x60254ea6), SECP256K1_SCALAR_CONST(0x1a3f3aa5, 0xa73d71d1, 0xcf329373, 0x6db8f8f5, 0x0bf86a3f, 0x2c9fc29c, 0xa78cc52b, 0x60254ea6), SECP256K1_SCALAR_CONST(0xa8275a6b, 0x68dba2a8, 0x4683be3e, 0xd037d8ac, 0x7348fb40, 0x213a4d08, 0x0cef929d, 0xdaa139f3), SECP256K1_SCALAR_CONST(0xa8275a6b, 0x68dba2a8, 0x4683be3e, 0xd037d8ac, 0x7348fb40, 0x213a4d08, 0x0cef929d, 0xdaa139f3), SECP256K1_SCALAR_CONST(0xa8275a6b, 0x68dba2a8, 0x4683be3e, 0xd037d8ac, 0x7348fb40, 0x213a4d08, 0x0cef929d, 0xdaa139f3), SECP256K1_SCALAR_CONST(0x62902b84, 0x8d597fe2, 0x61d3388a, 0xbe8a987f, 0x4a48842c, 0x196c6a00, 0x647401af, 0x6afbca2d), SECP256K1_SCALAR_CONST(0x62902b84, 0x8d597fe2, 0x61d3388a, 0xbe8a987f, 0x4a48842c, 0x196c6a00, 0x647401af, 0x6afbca2d), SECP256K1_SCALAR_CONST(0x62902b84, 0x8d597fe2, 0x61d3388a, 0xbe8a987f, 0x4a48842c, 0x196c6a00, 0x647401af, 0x6afbca2d), SECP256K1_SCALAR_CONST(0xe97eb0ad, 0xce217304, 0x47b8fd17, 0x41e8ded9, 0x5d7d5444, 0x68dab0bc, 0xb0380309, 0xdf46cf0d), SECP256K1_SCALAR_CONST(0xe97eb0ad, 0xce217304, 0x47b8fd17, 0x41e8ded9, 0x5d7d5444, 0x68dab0bc, 0xb0380309, 0xdf46cf0d), SECP256K1_SCALAR_CONST(0xe97eb0ad, 0xce217304, 0x47b8fd17, 0x41e8ded9, 0x5d7d5444, 0x68dab0bc, 0xb0380309, 0xdf46cf0d), SECP256K1_SCALAR_CONST(0x7c47fde9, 0xaa39afd3, 0xe21a712c, 0x6901ec3f, 0x087d2017, 0xe035b680, 0x98d58fc5, 0x7505015b), SECP256K1_SCALAR_CONST(0x7c47fde9, 0xaa39afd3, 0xe21a712c, 0x6901ec3f, 0x087d2017, 0xe035b680, 0x98d58fc5, 0x7505015b), SECP256K1_SCALAR_CONST(0x7c47fde9, 0xaa39afd3, 0xe21a712c, 0x6901ec3f, 0x087d2017, 0xe035b680, 0x98d58fc5, 0x7505015b)}
14 | R = {SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xa68029aa, 0x8a4a0abe, 0xc6ea9644, 0x481f70c2, 0xa3326f34, 0xaf0fc066, 0xfe8ff733, 0xd9f1c429), SECP256K1_SCALAR_CONST(0x3207ab36, 0xdfb378d1, 0x67220c68, 0x72bf3fc6, 0x1809c6a8, 0x7dec0dd7, 0x68d3ed02, 0x325d24fb), SECP256K1_SCALAR_CONST(0xdc55da77, 0xb854c2d0, 0x9edc612d, 0x397545bc, 0x875aee7a, 0xb1667416, 0x3e64a8e6, 0x5ed4897b), SECP256K1_SCALAR_CONST(0x09d0ff43, 0x3e6c3b13, 0xe8159606, 0x3f22d282, 0xa09c0fd7, 0xcf9031ac, 0x816fd6b0, 0x5d3e5c53), SECP256K1_SCALAR_CONST(0x33423240, 0x22684b20, 0xa6118407, 0xcd7caf70, 0xa60a483d, 0x35444ecb, 0x37a1da3d, 0xb0e815fa), SECP256K1_SCALAR_CONST(0xaf1967fc, 0x387a9fe0, 0x9e30aa8d, 0xa674c78f, 0x1f9ef00e, 0x40105f3a, 0xbfc46144, 0xd8018eaa), SECP256K1_SCALAR_CONST(0x62ac85f0, 0xefba1a8c, 0x1edb439b, 0xe57dd2ed, 0xe804eea4, 0x42169bfc, 0xbb021282, 0x7bc67d0d), SECP256K1_SCALAR_CONST(0xed40570c, 0xd608f7e5, 0x296d4311, 0x4915dce7, 0x13c716b0, 0xd8eef5f1, 0x189bed47, 0xe1c51794), SECP256K1_SCALAR_CONST(0xf24d9bc3, 0xad3149f0, 0x419b0fba, 0x8e90d407, 0x0def27af, 0x25d08fea, 0x621c0093, 0xabcd6fc0), SECP256K1_SCALAR_CONST(0x57179569, 0x927f03c1, 0x2ba3a349, 0xc2e4ff09, 0xf994ca74, 0x4fdce347, 0xa072cec8, 0x43c04e48), SECP256K1_SCALAR_CONST(0x1a3f3aa5, 0xa73d71d1, 0xcf329373, 0x6db8f8f5, 0x0bf86a3f, 0x2c9fc29c, 0xa78cc52b, 0x60254ea6), SECP256K1_SCALAR_CONST(0x172b73c7, 0x3ace627b, 0x5629ee22, 0xf30f8415, 0x134d09b3, 0xa270130d, 0x8c8cd5d6, 0x80db7cca), SECP256K1_SCALAR_CONST(0x26ebebeb, 0x2cf43564, 0xf7adb143, 0xe7e79d7c, 0xe6637499, 0x62d326d0, 0x9bd8403d, 0x42033780), SECP256K1_SCALAR_CONST(0xa8275a6b, 0x68dba2a8, 0x4683be3e, 0xd037d8ac, 0x7348fb40, 0x213a4d08, 0x0cef929d, 0xdaa139f3), SECP256K1_SCALAR_CONST(0x6f80d5f9, 0x4b6dcd42, 0x9cee85a5, 0xb010c589, 0x772b4b80, 0x5df72224, 0x2e479b2c, 0x145f4485), SECP256K1_SCALAR_CONST(0x0665a47f, 0x460a5c1c, 0x5da480d0, 0xff399ae0, 0xf7c3e7ea, 0x486b7112, 0xd7b08955, 0xeb2b06dc), SECP256K1_SCALAR_CONST(0x62902b84, 0x8d597fe2, 0x61d3388a, 0xbe8a987f, 0x4a48842c, 0x196c6a00, 0x647401af, 0x6afbca2d), SECP256K1_SCALAR_CONST(0xd4aaaa94, 0x8f82d5f0, 0xebff297c, 0x1c099c9d, 0x9c30d4a8, 0x7a0ea6b8, 0x76127684, 0x8871f2f6), SECP256K1_SCALAR_CONST(0x1dd5451e, 0x931f9189, 0xa6e4501b, 0x41409c65, 0x84a33c90, 0x84103e56, 0x7c2a87a9, 0x9db89162), SECP256K1_SCALAR_CONST(0xe97eb0ad, 0xce217304, 0x47b8fd17, 0x41e8ded9, 0x5d7d5444, 0x68dab0bc, 0xb0380309, 0xdf46cf0d), SECP256K1_SCALAR_CONST(0x87b4ff89, 0x0a215b40, 0x2e6f77e7, 0xcc892474, 0x4659eb8d, 0x9954654d, 0x2d27b2a1, 0x324f4a95), SECP256K1_SCALAR_CONST(0x45711e68, 0x76717360, 0xc339483b, 0x4da3fa6e, 0xac00242e, 0xaaf1abf9, 0x3c0968d5, 0x408346df), SECP256K1_SCALAR_CONST(0x7c47fde9, 0xaa39afd3, 0xe21a712c, 0x6901ec3f, 0x087d2017, 0xe035b680, 0x98d58fc5, 0x7505015b), SECP256K1_SCALAR_CONST(0xd2f3a6c8, 0x27a194f8, 0x030aff3f, 0xc5285797, 0xdd5021b7, 0x3c1affbb, 0xf4bb8e93, 0xc6e2c3f3)}
15 | O = {SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x8622f5f9, 0x83a711d6, 0x35530e80, 0x298ac2f1, 0x287824b2, 0xf76f6474, 0x7f4919d6, 0x2e300537), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x69cab78a, 0xb0977a1e, 0xf7bd44d7, 0x7b4064a8, 0xcb629e96, 0xdff4e1e3, 0x3c0c965c, 0xba124485), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0x28c96d80, 0x5a27316f, 0xd1f01047, 0x09c9b395, 0x514f281b, 0xc8500584, 0x18df7702, 0x33569a6a), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x39bd8f59, 0xf2f7f6d9, 0xd9087e50, 0xb7f365d0, 0x53f82836, 0x60ea27e1, 0xa16e8af1, 0x31fa1ad7), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x1bf48a4b, 0xc6fba45e, 0x571b4b77, 0xfe79ef82, 0x7e6feea1, 0x9ff195b5, 0x91237435, 0xc3f1645a), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x7b8a547f, 0xdd96f48c, 0x86d83ab9, 0x295a9aa0, 0x40ebe1ec, 0x211482d2, 0x30e406f4, 0x9464f913), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xace634c3, 0x50827f65, 0x3443dac1, 0xf9170b64, 0x3a55e7e3, 0x0e0cba46, 0x46838405, 0xa3cbcb52), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xbd10e719, 0x2722ec8d, 0x4f154d13, 0xf208afd8, 0x88111867, 0x6a3e755f, 0x7f050fad, 0xecbac865), SECP256K1_SCALAR_CONST(0xf0eb6348, 0x7a8d0b78, 0xd93d2339, 0x7214b70a, 0xca06a3f6, 0xcf15ecdd, 0xc5c610d4, 0x9ff2610b), SECP256K1_SCALAR_CONST(0x5dbec3bd, 0x0f62fd22, 0x07648dd1, 0x5f938861, 0x7b5c1586, 0x7dcfc49a, 0xb1eb78ba, 0x1a98a441), SECP256K1_SCALAR_CONST(0xdcb68864, 0x8317994d, 0x21baf1b1, 0xb9160d14, 0x410ca04e, 0x097eb840, 0xd66436c6, 0xb95eb42a), SECP256K1_SCALAR_CONST(0x1337251f, 0xb126f2a8, 0x0b5561a5, 0xebb51a85, 0xb2ce22fb, 0xcde58e16, 0xe4f1796c, 0x2ee39592), SECP256K1_SCALAR_CONST(0xb01bcf02, 0x6d615886, 0xc290e33a, 0x0c994b1e, 0xa6cf9134, 0x87b3e16a, 0xf6722756, 0xb9c901f2), SECP256K1_SCALAR_CONST(0x7caaed43, 0xc8abb6df, 0x2db15e77, 0xe6ae381b, 0xcc4c6978, 0x82aa665a, 0x681e0775, 0xad7e91b3), SECP256K1_SCALAR_CONST(0x15e937c7, 0x4212f4af, 0x9bfbf6a6, 0x9e5be022, 0x50655d3a, 0x259a810c, 0xecce05e9, 0x3fea4d3c), SECP256K1_SCALAR_CONST(0x2ec56e6b, 0x6d1b3f01, 0x6a609ba2, 0x3b3d6056, 0x84f7536f, 0xe4c89cec, 0xcc13be7b, 0x82fa0c8c), SECP256K1_SCALAR_CONST(0xdf254e0b, 0xf1e49032, 0x9e1cec1e, 0xa1f839d3, 0xc949f84d, 0x98c49399, 0xb9a56315, 0x6ac92746), SECP256K1_SCALAR_CONST(0x8361aece, 0x5b3a9817, 0x0cdba279, 0x1fc4df90, 0x96ac34eb, 0x3fbe3a07, 0xc07afd6a, 0xcabdcf3c), SECP256K1_SCALAR_CONST(0x43da73e0, 0xeca26ab4, 0x07231839, 0x96540533, 0xeba95ad1, 0x87d06cd2, 0x3708f61d, 0x7e010b20), SECP256K1_SCALAR_CONST(0xe895c241, 0x6838289e, 0xb83eddf2, 0x2046d8e1, 0xe93a3646, 0x2c5848c9, 0x7e8274d9, 0x55acf58d), SECP256K1_SCALAR_CONST(0x6d1c5764, 0x51bb7299, 0x77e4ebd6, 0x96267c6f, 0xa3dcbd78, 0x83cc1509, 0x73e1e8da, 0x7074cae5), SECP256K1_SCALAR_CONST(0x4af22399, 0x17ff4705, 0xd8dfbc1f, 0x92d87184, 0x143faf90, 0xfa7c557b, 0xc7cafe87, 0x2fb18a4f), SECP256K1_SCALAR_CONST(0xeaae25e3, 0x289e24eb, 0x808511d9, 0xef98e662, 0x934f9253, 0xd4b95c86, 0xd5ecaf7d, 0xc32b8d26), SECP256K1_SCALAR_CONST(0xacd0b8e8, 0x7bf473ff, 0x5d6e7457, 0x383ba3be, 0xe6bb1b20, 0x9b955c3c, 0xabed2a39, 0x65611188), SECP256K1_SCALAR_CONST(0xcafd01fb, 0xaaa9c42d, 0x65fa3a3d, 0xfd081d0f, 0xd5014223, 0x16bab3e8, 0xc00761ad, 0x3746d609), SECP256K1_SCALAR_CONST(0x4a37c2e3, 0x113abaab, 0x975759b0, 0x60c4af84, 0x04faeaff, 0x11937ef5, 0x04d4aa0c, 0x6e23fb03), SECP256K1_SCALAR_CONST(0xde38c660, 0x1cdeb946, 0x23c4bbca, 0xc1acf680, 0x7646ded0, 0x1d8dbe23, 0x7292e0ed, 0xca0cc962), SECP256K1_SCALAR_CONST(0xdc02dc05, 0xedcc3c3b, 0x0af99065, 0x7a269309, 0xccadc81d, 0x38662f61, 0xf66517c5, 0xbb1c51aa), SECP256K1_SCALAR_CONST(0x20ebe689, 0xa6588bfc, 0xf510761b, 0x9cdfdc37, 0x59846676, 0x61cb6d45, 0xc30ba35f, 0xc8397343), SECP256K1_SCALAR_CONST(0x490b3552, 0xd14cdff5, 0x8e48b1ba, 0x4e3fdf06, 0xae33bced, 0x67372224, 0x42aa91c6, 0xf816df33), SECP256K1_SCALAR_CONST(0xa25cb81b, 0x31ea690d, 0xd86681e7, 0xf87483ca, 0xf9fc311f, 0x52de9b90, 0x5b69dbd0, 0x7e9058ee), SECP256K1_SCALAR_CONST(0x405ac8c7, 0x08f9d2be, 0x3739f5cb, 0xdb35b4d0, 0x43991892, 0x2b1da0ac, 0x4fc0863a, 0x43764dc2)}
16 | 


--------------------------------------------------------------------------------
/jubjub-24.program:
--------------------------------------------------------------------------------
 1 | b0 = bool(#0)
 2 | b1 = bool(#0)
 3 | b2 = bool(#1)
 4 | b3 = bool(#0)
 5 | b4 = bool(#0)
 6 | b5 = bool(#0)
 7 | b6 = bool(#1)
 8 | b7 = bool(#1)
 9 | b8 = bool(#0)
10 | b9 = bool(#0)
11 | b10 = bool(#0)
12 | b11 = bool(#0)
13 | b12 = bool(#1)
14 | b13 = bool(#0)
15 | b14 = bool(#1)
16 | b15 = bool(#0)
17 | b16 = bool(#0)
18 | b17 = bool(#0)
19 | b18 = bool(#0)
20 | b19 = bool(#1)
21 | b20 = bool(#0)
22 | b21 = bool(#1)
23 | b22 = bool(#0)
24 | b23 = bool(#0)
25 | inner = b0 * b1
26 | x0 = 33860316972155444993786373798026421371939187633298958089058826269505131570572 + 4226393914626074620948936004615547265604490912620318630245965505957185135143 * b0 + 37441526755211924331825564564236519453867190604113937282895033561968998282370 * b1 + 3446994320820307097032031501091944760790429817635120053161522474524483867619 * inner
27 | y0 = (2*b2 - 1) * (60671692165106483604271687017658706228693866043851659747576035057462336816439 + 106623529194841966177978043613161462997819727543347939845701802773096694465177 * b0 + 47938224980456232503229816213054428273092270511117363623465803065343455516367 * b1 + 26554478576463918077403240924474355766273225414729945824912137490949982314478 * inner)
28 | inner = b3 * b4
29 | x1 = 54431971297229333624718753949579168895356996521621374249159580775338578475429 + 109922599987230381266865652034812824606163384270625196619141286808347466603483 * b3 + 20881437303513882536145000241140988275700410965039187707257793757735868573130 * b4 + 45711614629433279542775433538377308708179109987126099483045222567080372222169 * inner
30 | y1 = (2*b5 - 1) * (67941070270336610898300787086032880265370242167256588327808127727855653354684 + 7914610996944504619334512747300914331923604833539601302037069388032620265253 * b3 + 37484988275126684089135411772496467274419121649974161751318074268189768049590 * b4 + 58423187167962183997790956993675791196533256124157404338019371616198352161516 * inner)
31 | inner = b6 * b7
32 | x2 = 88930973464381297635837024470312311848883448831298461469838934561563052702686 + 67691388604549271616499668186959250400639820539227465051600028147715753701547 * b6 + 5905242161836463391747922240547459274457254646794898858995512087108916744203 * b7 + 88920389466874909325689300380323478613679953240730946873892524093955830967798 * inner
33 | y2 = (2*b8 - 1) * (54280578284730686408505881826997798704097184887771637185376274859358469690413 + 102486172936731504811956156089256114251973053935237746031773679589242932125299 * b6 + 89297066128574112542649957033071053162857631507004030297537684798336399067439 * b7 + 82864044407841968794212878273644603654837796015523818432366123748474118696330 * inner)
34 | inner = b9 * b10
35 | x3 = 65451959348736685490191104056762622567632773177268838749346319292580156737489 + 113376016858564156775591284924797246334836388724033691868505272651511287807418 * b9 + 91789743906880627141660491631704736858998154305203490500851220037915508425096 * b10 + 54168485752751298105165992994527168261297184511677113147426879056474828063084 * inner
36 | y3 = (2*b11 - 1) * (89675333398076471056554693784413522735391158043442244021562090712870883698282 + 12766819575197444644518949406591763589856820725718005604518479450789243520350 * b9 + 45853769813178221631807171325707236455821270565640117700637507476073749817738 * b10 + 84385214790007112537133629204957247489423816501707208011870621267303842560307 * inner)
37 | inner = b12 * b13
38 | x4 = 30733270695114255474179995693062501537188166769480567855484934644121838593288 + 41843445197469758275278236767424117764769812625086743074447835033803871493503 * b12 + 89149585902572769939844662396752372957201761150094821282671225123656900054558 * b13 + 68619315336272089961141851595360751363933209021459590139410170018969237768298 * inner
39 | y4 = (2*b14 - 1) * (2587274125223747214103178801499820450070701236005753042324229146418902149537 + 10057237954277581473864447071551267669291243678180559456522624232325051464377 * b12 + 111391247346570272597172485607827547702057040779135727467721921162355020166772 * b13 + 84792018272686873254709316254289887879344353220504296072281842365669454971377 * inner)
40 | inner = b15 * b16
41 | x5 = 25035820445340070943139609257460962514656075216503992514165748811238727779550 + 84866909478457437003478165133952766385543931201854117081964079622847194637681 * b15 + 82084517932670254084599541015297043303678543413049426836440087444843205986432 * b16 + 87214924702127554641980519162985324137670060047871712664904850912007490684950 * inner
42 | y5 = (2*b17 - 1) * (59913200772692539626046113072997426545581484626437040475214012295445734311982 + 14749237545714527901123651786122034274431747030914276868918523732483871892130 * b15 + 7469154284945361648578855171824106486061429836004233430725604994591296439538 * b16 + 107545671356138370851118733914219649068894671080530359032315490135273326726902 * inner)
43 | inner = b18 * b19
44 | x6 = 13311138140066761459404618988626040366085773893124788047050152787289418403258 + 44056692330460254659769027106557590085985565711458555579304150014558343778970 * b18 + 44818794418362906799299302902020134699153500980593972804900985468916403721937 * b19 + 54863958965231320701533055257334624375524760420005772506856886950605160369345 * inner
45 | y6 = (2*b20 - 1) * (102117014955705575959623858932281439646073420708517313094811946356915167766551 + 49839634457122342749632915355629936580573494269272840496775499766920171379098 * b18 + 51262614581227667539812544779762266429108431151809065393222740293161056571161 * b19 + 15292636614739455419815562454666864586634474240816653131234507817436276356298 * inner)
46 | inner = b21 * b22
47 | x7 = 95010881276639922005914917651750538742619706898460615615344699756091544425391 + 48938559988070616763194425090842982321117211216135677038263504146717892136551 * b21 + 91953774548662954821980712463525191841705092346040884266432710770123517316093 * b22 + 103392487974062033655581207793799331738979472128370164258268473184509696672758 * inner
48 | y7 = (2*b23 - 1) * (38667759103943533362758497793305683610289650765581589733666387889467420116146 + 107399426453888734345351115946706731176380113066346117568394954868287551878507 * b21 + 95026242949941224026008230366294307174206991013015052925331841530379671874539 * b22 + 65322883399688449729152653410843576368062495377690264452749360499235990230062 * inner)
49 | x = 74342029351003079572996314984995564101706176677551085723003762779083793457828
50 | y = 67492803455305211146024852689597510225725612382536042624873872904292316472685
51 | xd = x0 - x
52 | yd = y0 - y
53 | lambda = yd / xd
54 | x = lambda*lambda - 2*x0 + xd
55 | y = lambda*(x0 - x) - y0
56 | xd = x1 - x
57 | yd = y1 - y
58 | lambda = yd / xd
59 | x = lambda*lambda - 2*x1 + xd
60 | y = lambda*(x1 - x) - y1
61 | xd = x2 - x
62 | yd = y2 - y
63 | lambda = yd / xd
64 | x = lambda*lambda - 2*x2 + xd
65 | y = lambda*(x2 - x) - y2
66 | xd = x3 - x
67 | yd = y3 - y
68 | lambda = yd / xd
69 | x = lambda*lambda - 2*x3 + xd
70 | y = lambda*(x3 - x) - y3
71 | xd = x4 - x
72 | yd = y4 - y
73 | lambda = yd / xd
74 | x = lambda*lambda - 2*x4 + xd
75 | y = lambda*(x4 - x) - y4
76 | xd = x5 - x
77 | yd = y5 - y
78 | lambda = yd / xd
79 | x = lambda*lambda - 2*x5 + xd
80 | y = lambda*(x5 - x) - y5
81 | xd = x6 - x
82 | yd = y6 - y
83 | lambda = yd / xd
84 | x = lambda*lambda - 2*x6 + xd
85 | y = lambda*(x6 - x) - y6
86 | xd = x7 - x
87 | yd = y7 - y
88 | lambda = yd / xd
89 | x = lambda*lambda - 2*x7 + xd
90 | y = lambda*(x7 - x) - y7
91 | x == 48533248139426898837773552080522724031394554612645082376134567520475393089059
92 | 


--------------------------------------------------------------------------------
/jubjub-3.circuit:
--------------------------------------------------------------------------------
 1 | [0.000000] Parsing...
 2 | [0.004586] 8 multiplications, 3 temporaries, 20 constraints, 114 cost
 3 | [0.004598] Eliminating...
 4 | [0.004804] 8 multiplications, 17 constraints, 105 cost
 5 | [0.004807] Reducing...
 6 | [0.011766] 8 multiplications, 17 constraints, 100 cost
 7 | [0.011771] Maximizing 1s...
 8 | [0.012087] Done
 9 | 
10 | 8,0,17; -R0 + L0 = 1; O0 = 0; -R1 + L1 = 1; O1 = 0; -R2 + L2 = 1; O2 = 0; -L3 + L0 = 0; -R3 + L1 = 0; O3 + 43761614841181848836640060563436836929981077120207297347288494535014373124598*L4 + 32269103446714936439983769262136990710725469005847626272964912432556195438855*L0 + 53470148824566042419568143658779164645897136432324031591105781651996231383599*L1 = -29906057699896301565330867720293440045651680527210179749355355245466869592774; R4 - 2*L2 = -1; O4 - O5 = -5790157963784981660191168841374597722972181776698071254377150704077242214507; R5 - 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 + 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 + 3363265264840957283186157428945612617240329097799939360463518825408167634185*L4 = -29614996938732799633661547612064662376197030231215982466591901560589852461284; L5 - L6 = 0; L5 - R6 = 0; L5 - L7 = 0; O6 + R7 - 51516127673109386393816398459009443243459283883942664948368606277819222758886*L0 + 22582466753822382779073389479770109573390773792387186616066489900684041180370*L1 + 6726530529681914566372314857891225234480658195599878720927037650816335268370*L4 = -25204003405338345315301650454981416603166816758113955371299998112889962854657; O6 - 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 + 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 + 3363265264840957283186157428945612617240329097799939360463518825408167634185*L4 = 10482191031782654019194619252232560984851404783271171686897023817875267510226;
11 | 
12 | Secret inputs:
13 | L = {SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x8622f5f9, 0x83a711d6, 0x35530e80, 0x298ac2f1, 0x287824b2, 0xf76f6474, 0x7f4919d6, 0x2e300537), SECP256K1_SCALAR_CONST(0x1fc757ec, 0xbddbbeb9, 0xd4f41473, 0xb24f6530, 0x743a1437, 0x46963ca9, 0x0a83f80c, 0x1ee5328b), SECP256K1_SCALAR_CONST(0x1fc757ec, 0xbddbbeb9, 0xd4f41473, 0xb24f6530, 0x743a1437, 0x46963ca9, 0x0a83f80c, 0x1ee5328b), SECP256K1_SCALAR_CONST(0x1fc757ec, 0xbddbbeb9, 0xd4f41473, 0xb24f6530, 0x743a1437, 0x46963ca9, 0x0a83f80c, 0x1ee5328b)}
14 | R = {SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0x31c8eae3, 0xf71d7572, 0x260f2848, 0xe9f7209d, 0x7366b59e, 0x073e490d, 0x279d8c48, 0x656e329f), SECP256K1_SCALAR_CONST(0x1fc757ec, 0xbddbbeb9, 0xd4f41473, 0xb24f6530, 0x743a1437, 0x46963ca9, 0x0a83f80c, 0x1ee5328b), SECP256K1_SCALAR_CONST(0x245cbdd4, 0xef485258, 0xba62e0d9, 0x26e672d2, 0x83d1988a, 0x3c3a1e2f, 0x6639ec10, 0x39c6a2b0)}
15 | O = {SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x8622f5f9, 0x83a711d6, 0x35530e80, 0x298ac2f1, 0x287824b2, 0xf76f6474, 0x7f4919d6, 0x2e300537), SECP256K1_SCALAR_CONST(0x92f012f8, 0xd76c6bd9, 0x7cdaa7c4, 0x6a848512, 0xed249960, 0xc58efb11, 0x48945d26, 0x186dada2), SECP256K1_SCALAR_CONST(0x8a6f1f26, 0x6b9c02e6, 0x8cb97c20, 0xd04aab71, 0xf4024826, 0xeb84f19f, 0xa13641ee, 0xe3f3db55), SECP256K1_SCALAR_CONST(0xc4e18e86, 0x9b53aabc, 0x22891520, 0x299684a8, 0x75ad4a2e, 0xc4e1e6af, 0x2556146f, 0xb25f219e)}
16 | 


--------------------------------------------------------------------------------
/jubjub-3.program:
--------------------------------------------------------------------------------
 1 | b0 = bool(#0)
 2 | b1 = bool(#0)
 3 | b2 = bool(#1)
 4 | inner = b0 * b1
 5 | x0 = 33860316972155444993786373798026421371939187633298958089058826269505131570572 + 4226393914626074620948936004615547265604490912620318630245965505957185135143 * b0 + 37441526755211924331825564564236519453867190604113937282895033561968998282370 * b1 + 3446994320820307097032031501091944760790429817635120053161522474524483867619 * inner
 6 | y0 = (2*b2 - 1) * (60671692165106483604271687017658706228693866043851659747576035057462336816439 + 106623529194841966177978043613161462997819727543347939845701802773096694465177 * b0 + 47938224980456232503229816213054428273092270511117363623465803065343455516367 * b1 + 26554478576463918077403240924474355766273225414729945824912137490949982314478 * inner)
 7 | x = 11341996824042417984007148256382636049742414568106003187294601669429914022637
 8 | y = 110001931273531213763379816167313310129865382502376833128228012437440919279830
 9 | xd = x0 - x
10 | yd = y0 - y
11 | lambda = yd / xd
12 | x = lambda*lambda - 2*x0 + xd
13 | y = lambda*(x0 - x) - y0
14 | x == 17413194322430617684841870351531951261563605878275147778899722039605291926236
15 | 


--------------------------------------------------------------------------------
/jubjub-48.program:
--------------------------------------------------------------------------------
  1 | b0 = bool(#0)
  2 | b1 = bool(#0)
  3 | b2 = bool(#1)
  4 | b3 = bool(#0)
  5 | b4 = bool(#0)
  6 | b5 = bool(#0)
  7 | b6 = bool(#1)
  8 | b7 = bool(#1)
  9 | b8 = bool(#0)
 10 | b9 = bool(#0)
 11 | b10 = bool(#0)
 12 | b11 = bool(#0)
 13 | b12 = bool(#1)
 14 | b13 = bool(#0)
 15 | b14 = bool(#1)
 16 | b15 = bool(#0)
 17 | b16 = bool(#0)
 18 | b17 = bool(#0)
 19 | b18 = bool(#0)
 20 | b19 = bool(#1)
 21 | b20 = bool(#0)
 22 | b21 = bool(#1)
 23 | b22 = bool(#0)
 24 | b23 = bool(#0)
 25 | b24 = bool(#0)
 26 | b25 = bool(#0)
 27 | b26 = bool(#1)
 28 | b27 = bool(#1)
 29 | b28 = bool(#0)
 30 | b29 = bool(#1)
 31 | b30 = bool(#0)
 32 | b31 = bool(#1)
 33 | b32 = bool(#1)
 34 | b33 = bool(#0)
 35 | b34 = bool(#1)
 36 | b35 = bool(#1)
 37 | b36 = bool(#0)
 38 | b37 = bool(#1)
 39 | b38 = bool(#0)
 40 | b39 = bool(#1)
 41 | b40 = bool(#0)
 42 | b41 = bool(#1)
 43 | b42 = bool(#0)
 44 | b43 = bool(#0)
 45 | b44 = bool(#0)
 46 | b45 = bool(#0)
 47 | b46 = bool(#0)
 48 | b47 = bool(#1)
 49 | inner = b0 * b1
 50 | x0 = 33860316972155444993786373798026421371939187633298958089058826269505131570572 + 4226393914626074620948936004615547265604490912620318630245965505957185135143 * b0 + 37441526755211924331825564564236519453867190604113937282895033561968998282370 * b1 + 3446994320820307097032031501091944760790429817635120053161522474524483867619 * inner
 51 | y0 = (2*b2 - 1) * (60671692165106483604271687017658706228693866043851659747576035057462336816439 + 106623529194841966177978043613161462997819727543347939845701802773096694465177 * b0 + 47938224980456232503229816213054428273092270511117363623465803065343455516367 * b1 + 26554478576463918077403240924474355766273225414729945824912137490949982314478 * inner)
 52 | inner = b3 * b4
 53 | x1 = 54431971297229333624718753949579168895356996521621374249159580775338578475429 + 109922599987230381266865652034812824606163384270625196619141286808347466603483 * b3 + 20881437303513882536145000241140988275700410965039187707257793757735868573130 * b4 + 45711614629433279542775433538377308708179109987126099483045222567080372222169 * inner
 54 | y1 = (2*b5 - 1) * (67941070270336610898300787086032880265370242167256588327808127727855653354684 + 7914610996944504619334512747300914331923604833539601302037069388032620265253 * b3 + 37484988275126684089135411772496467274419121649974161751318074268189768049590 * b4 + 58423187167962183997790956993675791196533256124157404338019371616198352161516 * inner)
 55 | inner = b6 * b7
 56 | x2 = 88930973464381297635837024470312311848883448831298461469838934561563052702686 + 67691388604549271616499668186959250400639820539227465051600028147715753701547 * b6 + 5905242161836463391747922240547459274457254646794898858995512087108916744203 * b7 + 88920389466874909325689300380323478613679953240730946873892524093955830967798 * inner
 57 | y2 = (2*b8 - 1) * (54280578284730686408505881826997798704097184887771637185376274859358469690413 + 102486172936731504811956156089256114251973053935237746031773679589242932125299 * b6 + 89297066128574112542649957033071053162857631507004030297537684798336399067439 * b7 + 82864044407841968794212878273644603654837796015523818432366123748474118696330 * inner)
 58 | inner = b9 * b10
 59 | x3 = 65451959348736685490191104056762622567632773177268838749346319292580156737489 + 113376016858564156775591284924797246334836388724033691868505272651511287807418 * b9 + 91789743906880627141660491631704736858998154305203490500851220037915508425096 * b10 + 54168485752751298105165992994527168261297184511677113147426879056474828063084 * inner
 60 | y3 = (2*b11 - 1) * (89675333398076471056554693784413522735391158043442244021562090712870883698282 + 12766819575197444644518949406591763589856820725718005604518479450789243520350 * b9 + 45853769813178221631807171325707236455821270565640117700637507476073749817738 * b10 + 84385214790007112537133629204957247489423816501707208011870621267303842560307 * inner)
 61 | inner = b12 * b13
 62 | x4 = 30733270695114255474179995693062501537188166769480567855484934644121838593288 + 41843445197469758275278236767424117764769812625086743074447835033803871493503 * b12 + 89149585902572769939844662396752372957201761150094821282671225123656900054558 * b13 + 68619315336272089961141851595360751363933209021459590139410170018969237768298 * inner
 63 | y4 = (2*b14 - 1) * (2587274125223747214103178801499820450070701236005753042324229146418902149537 + 10057237954277581473864447071551267669291243678180559456522624232325051464377 * b12 + 111391247346570272597172485607827547702057040779135727467721921162355020166772 * b13 + 84792018272686873254709316254289887879344353220504296072281842365669454971377 * inner)
 64 | inner = b15 * b16
 65 | x5 = 25035820445340070943139609257460962514656075216503992514165748811238727779550 + 84866909478457437003478165133952766385543931201854117081964079622847194637681 * b15 + 82084517932670254084599541015297043303678543413049426836440087444843205986432 * b16 + 87214924702127554641980519162985324137670060047871712664904850912007490684950 * inner
 66 | y5 = (2*b17 - 1) * (59913200772692539626046113072997426545581484626437040475214012295445734311982 + 14749237545714527901123651786122034274431747030914276868918523732483871892130 * b15 + 7469154284945361648578855171824106486061429836004233430725604994591296439538 * b16 + 107545671356138370851118733914219649068894671080530359032315490135273326726902 * inner)
 67 | inner = b18 * b19
 68 | x6 = 13311138140066761459404618988626040366085773893124788047050152787289418403258 + 44056692330460254659769027106557590085985565711458555579304150014558343778970 * b18 + 44818794418362906799299302902020134699153500980593972804900985468916403721937 * b19 + 54863958965231320701533055257334624375524760420005772506856886950605160369345 * inner
 69 | y6 = (2*b20 - 1) * (102117014955705575959623858932281439646073420708517313094811946356915167766551 + 49839634457122342749632915355629936580573494269272840496775499766920171379098 * b18 + 51262614581227667539812544779762266429108431151809065393222740293161056571161 * b19 + 15292636614739455419815562454666864586634474240816653131234507817436276356298 * inner)
 70 | inner = b21 * b22
 71 | x7 = 95010881276639922005914917651750538742619706898460615615344699756091544425391 + 48938559988070616763194425090842982321117211216135677038263504146717892136551 * b21 + 91953774548662954821980712463525191841705092346040884266432710770123517316093 * b22 + 103392487974062033655581207793799331738979472128370164258268473184509696672758 * inner
 72 | y7 = (2*b23 - 1) * (38667759103943533362758497793305683610289650765581589733666387889467420116146 + 107399426453888734345351115946706731176380113066346117568394954868287551878507 * b21 + 95026242949941224026008230366294307174206991013015052925331841530379671874539 * b22 + 65322883399688449729152653410843576368062495377690264452749360499235990230062 * inner)
 73 | inner = b24 * b25
 74 | x8 = 8411416142822721941124080054953714175010302856925872381699610147508766198438 + 33737938285386243634057159008334462151541152781660858512423760914244828828930 * b24 + 43011982754871383371653957285347108629901670285299813934394139742860602871256 * b25 + 65191242767433721911902130174941496083931921870412024243581391622157456621389 * inner
 75 | y8 = (2*b26 - 1) * (52785340782668036407952257395228683326821511643071960112600388386371878269618 + 25158261700112138362583558697124842464011987446326739200780665145350227063672 * b24 + 33899198907057060021604368607190293541868679280853196009301965951492936263578 * b25 + 66290967881677094799955955264529305391862880877571368051210151342724748701211 * inner)
 76 | inner = b27 * b28
 77 | x9 = 55913207020155169205606095253145756669846378044486988973130442139082553613849 + 59427082381908107465204551039911558130347666634056696808394633609920913507413 * b27 + 88845342534360932144647894837521513735889700395860905783449989066651766135576 * b28 + 70359403842756754124751145894901642151245966665536529096062500037757039795838 * inner
 78 | y9 = (2*b29 - 1) * (57503160300075095536177081165534533147841994154076489764929321930563621992299 + 89931964273136837664676729970746680320677292784060056360799406664519895898963 * b27 + 73543171356793984368503954110168399439941768090486118534861776798564339037610 * b28 + 87107792781743023065195458989251453613041890452690416056036130704080081167454 * inner)
 79 | inner = b30 * b31
 80 | x10 = 29633542631682911438638685612481269260951414954874072472655265408703537959243 + 66264564174622352566327481863031237859073149175702807429574311173668677418851 * b30 + 19151982247460887158132612035890227817523561420740855625766243171151164617912 * b31 + 63868340269187844240902195914781360058504440168945552958646038402598070508622 * inner
 81 | y10 = (2*b32 - 1) * (28248260569463965213018670642357818131036726674139397429399646102276894673683 + 12324909917870350454550514681824222090142389330038284196527316897483638789030 * b30 + 81271730891114673685892529344015522318474567383197360182706970414511761999313 * b31 + 71249542437391727902880653667678475603629202543107560150113703944109619532892 * inner)
 82 | inner = b33 * b34
 83 | x11 = 73248382074389596756452911501623294446744363676965329425600813424849873613199 + 5522135253159756131756209033957923843939868356671062846852634167179547313729 * b33 + 2109877780698555824459243841279414548255977313990317688298723037321727397807 * b34 + 106350687090620468458157503160639668196923160059958770710245290092609482971950 * inner
 84 | y11 = (2*b35 - 1) * (41286419974058525743110399365447243533577555978187988037687857142764758803266 + 80656033737192439024583992623941311683074519158347719255910719419885958592613 * b33 + 37464196566178059117417652747584780963369196014272738371646756209726770418300 * b34 + 84919009971409185873030965409080944761509172748948903956607528412537826523770 * inner)
 85 | inner = b36 * b37
 86 | x12 = 73182048111244492279108107068311889881512371965869552997440613874741424981831 + 22839855117725518878945858082171032430723972081554950574511011667480142035005 * b36 + 25944898768907996218531920835219810338336233848977076917463700389911471697744 * b37 + 26862809867744141147009828134225496901691584377744947342099480443235790400157 * inner
 87 | y12 = (2*b38 - 1) * (16777435456203204476947363279182218202961872177784856782798630205919199257489 + 58839346237032636507463735002191955228714795572434184243252616112522881266327 * b36 + 68923008469557330978870509047827647175110739094207743142293225507600648590029 * b37 + 102997539866921324710840442771237639851469896243757883102696230839656386703591 * inner)
 88 | inner = b39 * b40
 89 | x13 = 50588272554553998349004858197229717476591421199029779377624450686259922575241 + 65486930156978283074073591673493531895542332262229004173805862059369930483920 * b39 + 60209403506320401736614926335275960845703396008099196200952283371697255436890 * b40 + 77343639726190153146082619210509597523639526262875348892651906340990352302837 * inner
 90 | y13 = (2*b41 - 1) * (90874025597000825453098621715884930544101648858864139944609546503670927633903 + 58281307168710408509356464339579482597911598264898551290165795608794541925556 * b39 + 99632891165444325965527631902139052767347664716955264168401635700977029290742 * b40 + 38194620733828167346301413021732938950089338282111241906816535447479029620921 * inner)
 91 | inner = b42 * b43
 92 | x14 = 57727844442944156664156605086562232407938222860528160658199003480860034630156 + 12213209531623351366670034594012575904625764567442449017253330369388523358001 * b42 + 22372524779805939232055558051753551613650658134878325454350291133451722018221 * b43 + 99977399144312533969768302355379497883517768531363017881078986365285743746208 * inner
 93 | y14 = (2*b44 - 1) * (83947856516154291400692444563907935091584459986177373065759193478680318722596 + 96179987096613403306163541872872169032600523409197678016691509032685363420327 * b42 + 21833664423677635331464780738166894244039230859467230712160791905317370217472 * b43 + 99152339212633073233321523331267614844350910881159491333685082085140770023617 * inner)
 94 | inner = b45 * b46
 95 | x15 = 58815831005196528922101427851975230856703679571886734031851459550552259455674 + 85721002540876642867391688164378624626487107751052899821262526105511277776844 * b45 + 70148578850355851736688603374936359726118031005549938686381520730156977318763 * b46 + 84299373225570069503096249981453879549622902045293941546559381933874592702934 * inner
 96 | y15 = (2*b47 - 1) * (76326173816207987674646286624417300708336205060235485783064932486035151927577 + 42848443996580329491058427979815000509292007564519776205362975751930533609186 * b45 + 28623840864945300745895485974997472339951713511216910247880782167519604724300 * b46 + 106888074020922405060093763553252383830503443189574767853206734646160215901642 * inner)
 97 | x = 99344650757578975808193591098128426816981040165343872078229968196292787702737
 98 | y = 61542207478518528572282067819358224399204473964944675934446512074236646168970
 99 | xd = x0 - x
100 | yd = y0 - y
101 | lambda = yd / xd
102 | x = lambda*lambda - 2*x0 + xd
103 | y = lambda*(x0 - x) - y0
104 | xd = x1 - x
105 | yd = y1 - y
106 | lambda = yd / xd
107 | x = lambda*lambda - 2*x1 + xd
108 | y = lambda*(x1 - x) - y1
109 | xd = x2 - x
110 | yd = y2 - y
111 | lambda = yd / xd
112 | x = lambda*lambda - 2*x2 + xd
113 | y = lambda*(x2 - x) - y2
114 | xd = x3 - x
115 | yd = y3 - y
116 | lambda = yd / xd
117 | x = lambda*lambda - 2*x3 + xd
118 | y = lambda*(x3 - x) - y3
119 | xd = x4 - x
120 | yd = y4 - y
121 | lambda = yd / xd
122 | x = lambda*lambda - 2*x4 + xd
123 | y = lambda*(x4 - x) - y4
124 | xd = x5 - x
125 | yd = y5 - y
126 | lambda = yd / xd
127 | x = lambda*lambda - 2*x5 + xd
128 | y = lambda*(x5 - x) - y5
129 | xd = x6 - x
130 | yd = y6 - y
131 | lambda = yd / xd
132 | x = lambda*lambda - 2*x6 + xd
133 | y = lambda*(x6 - x) - y6
134 | xd = x7 - x
135 | yd = y7 - y
136 | lambda = yd / xd
137 | x = lambda*lambda - 2*x7 + xd
138 | y = lambda*(x7 - x) - y7
139 | xd = x8 - x
140 | yd = y8 - y
141 | lambda = yd / xd
142 | x = lambda*lambda - 2*x8 + xd
143 | y = lambda*(x8 - x) - y8
144 | xd = x9 - x
145 | yd = y9 - y
146 | lambda = yd / xd
147 | x = lambda*lambda - 2*x9 + xd
148 | y = lambda*(x9 - x) - y9
149 | xd = x10 - x
150 | yd = y10 - y
151 | lambda = yd / xd
152 | x = lambda*lambda - 2*x10 + xd
153 | y = lambda*(x10 - x) - y10
154 | xd = x11 - x
155 | yd = y11 - y
156 | lambda = yd / xd
157 | x = lambda*lambda - 2*x11 + xd
158 | y = lambda*(x11 - x) - y11
159 | xd = x12 - x
160 | yd = y12 - y
161 | lambda = yd / xd
162 | x = lambda*lambda - 2*x12 + xd
163 | y = lambda*(x12 - x) - y12
164 | xd = x13 - x
165 | yd = y13 - y
166 | lambda = yd / xd
167 | x = lambda*lambda - 2*x13 + xd
168 | y = lambda*(x13 - x) - y13
169 | xd = x14 - x
170 | yd = y14 - y
171 | lambda = yd / xd
172 | x = lambda*lambda - 2*x14 + xd
173 | y = lambda*(x14 - x) - y14
174 | xd = x15 - x
175 | yd = y15 - y
176 | lambda = yd / xd
177 | x = lambda*lambda - 2*x15 + xd
178 | y = lambda*(x15 - x) - y15
179 | x == 38235171814957997025915347899302648929076551326666298934763861638545345078193
180 | 


--------------------------------------------------------------------------------
/jubjub-6.circuit:
--------------------------------------------------------------------------------
 1 | [0.000000] Parsing...
 2 | [0.008665] 16 multiplications, 6 temporaries, 39 constraints, 271 cost
 3 | [0.008680] Eliminating...
 4 | [0.009299] 16 multiplications, 33 constraints, 253 cost
 5 | [0.009302] Reducing...
 6 | [0.024514] 16 multiplications, 33 constraints, 218 cost
 7 | [0.024517] Maximizing 1s...
 8 | [0.025139] Done
 9 | 
10 | 16,0,33; -R0 + L0 = 1; O0 = 0; -R1 + L1 = 1; O1 = 0; -R2 + L2 = 1; O2 = 0; -R3 + L3 = 1; O3 = 0; -R4 + L4 = 1; O4 = 0; -R5 + L5 = 1; O5 = 0; -L6 + L0 = 0; -R6 + L1 = 0; O6 + 43761614841181848836640060563436836929981077120207297347288494535014373124598*L7 + 32269103446714936439983769262136990710725469005847626272964912432556195438855*L0 + 53470148824566042419568143658779164645897136432324031591105781651996231383599*L1 = -29906057699896301565330867720293440045651680527210179749355355245466869592774; R7 - 2*L2 = -1; -L8 + L3 = 0; -R8 + L4 = 0; O8 + 21014290721093653874050402869616240144839777829078930642127268241692916015010*L9 + 30291292020152637070930450826530356553284841560358009904384208293049320970610*L3 + 37447708648605002961390823892644286535292237354956047616343665579501453451337*L4 = 33599098110850580423117463872611295999788948305235313026833103670878202638822; R9 - 2*L5 = -1; O7 - O10 = 30417800688223880646597945931474300561251654875325094848136813623514928156008; R10 - 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 + 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 + 3363265264840957283186157428945612617240329097799939360463518825408167634185*L7 = -13941224360833447422644581669313969619767296581883801916737428011608513055714; L10 - L11 = 0; L10 - R11 = 0; L10 - L12 = 0; O11 + R12 - 51516127673109386393816398459009443243459283883942664948368606277819222758886*L0 + 22582466753822382779073389479770109573390773792387186616066489900684041180370*L1 + 6726530529681914566372314857891225234480658195599878720927037650816335268370*L7 = -40877775983237697526318616397732109359596550407446135921154471661871302260227; O9 - O12 - O13 + O10 = -30417800688223880646597945931474300561251654875325094848136813623514928156008; O11 + R13 - 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 + 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 - 5035688805764254729615047036903177527727379034866312505324239583314225212885*L3 + 30759539956556623185178837535720172364584628569249377782678985276037466457*L4 - 7224137796052607702389482387318843227054137898881038815935328843778405489389*L9 + 3363265264840957283186157428945612617240329097799939360463518825408167634185*L7 = -35869149926219234463595526134454558797979900749538521778533857167796924865071; L13 - L14 = 0; L13 - R14 = 0; L13 - L15 = 0; R15 - 5035688805764254729615047036903177527727379034866312505324239583314225212885*L3 + 30759539956556623185178837535720172364584628569249377782678985276037466457*L4 - 7224137796052607702389482387318843227054137898881038815935328843778405489389*L9 = -30677568380102536271773179443936427026401571883477512915576407436690852969727; O14 - O11 + 25758063836554693196908199229504721621729641941971332474184303138909611379443*L0 - 11291233376911191389536694739885054786695386896193593308033244950342020590185*L1 - 5035688805764254729615047036903177527727379034866312505324239583314225212885*L3 + 30759539956556623185178837535720172364584628569249377782678985276037466457*L4 - 7224137796052607702389482387318843227054137898881038815935328843778405489389*L9 - 3363265264840957283186157428945612617240329097799939360463518825408167634185*L7 = 26753596133306014974574778301177558529867574617408939284080208413231094704325;
11 | 
12 | Secret inputs:
13 | L = {SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x8622f5f9, 0x83a711d6, 0x35530e80, 0x298ac2f1, 0x287824b2, 0xf76f6474, 0x7f4919d6, 0x2e300537), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x96354875, 0x4f6885e1, 0x0842bb28, 0x84bf9b55, 0xef4c3e4f, 0xcf53be58, 0x83c5c830, 0x1623fcbc), SECP256K1_SCALAR_CONST(0x8a35cea3, 0x9b795353, 0xad9f3d31, 0xbb0515ac, 0x740e836c, 0xd80496c9, 0x61fc18d3, 0x4daf8db9), SECP256K1_SCALAR_CONST(0x8a35cea3, 0x9b795353, 0xad9f3d31, 0xbb0515ac, 0x740e836c, 0xd80496c9, 0x61fc18d3, 0x4daf8db9), SECP256K1_SCALAR_CONST(0x8a35cea3, 0x9b795353, 0xad9f3d31, 0xbb0515ac, 0x740e836c, 0xd80496c9, 0x61fc18d3, 0x4daf8db9), SECP256K1_SCALAR_CONST(0x40d6b048, 0xad30e0e7, 0x864cc2f7, 0xfbbe4e0a, 0x6d5e8352, 0x491167c7, 0xca26ea35, 0x0872ea0d), SECP256K1_SCALAR_CONST(0x40d6b048, 0xad30e0e7, 0x864cc2f7, 0xfbbe4e0a, 0x6d5e8352, 0x491167c7, 0xca26ea35, 0x0872ea0d), SECP256K1_SCALAR_CONST(0x40d6b048, 0xad30e0e7, 0x864cc2f7, 0xfbbe4e0a, 0x6d5e8352, 0x491167c7, 0xca26ea35, 0x0872ea0d)}
14 | R = {SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140), SECP256K1_SCALAR_CONST(0x546ff55c, 0x7830c982, 0xdb7a78cb, 0x0120846e, 0x47fdfbde, 0xed6ce4a0, 0xef525b99, 0xaea1efa1), SECP256K1_SCALAR_CONST(0x8a35cea3, 0x9b795353, 0xad9f3d31, 0xbb0515ac, 0x740e836c, 0xd80496c9, 0x61fc18d3, 0x4daf8db9), SECP256K1_SCALAR_CONST(0x184fd459, 0x636c48f7, 0xaae8dfc2, 0x154fade2, 0x09007a45, 0xa0a0ada4, 0x6beb79e4, 0x3be7fe86), SECP256K1_SCALAR_CONST(0x45caf924, 0xe983c13a, 0xf422149b, 0x1afd3aa6, 0xdcf07889, 0x6e130b76, 0x6ec9063b, 0x0a88129f), SECP256K1_SCALAR_CONST(0x40d6b048, 0xad30e0e7, 0x864cc2f7, 0xfbbe4e0a, 0x6d5e8352, 0x491167c7, 0xca26ea35, 0x0872ea0d), SECP256K1_SCALAR_CONST(0x51d7e2a0, 0x755fca9c, 0x039c15b2, 0x2c93ff97, 0x57c196ce, 0x09ac7c01, 0x69177867, 0x0866b6c9)}
15 | O = {SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x8622f5f9, 0x83a711d6, 0x35530e80, 0x298ac2f1, 0x287824b2, 0xf76f6474, 0x7f4919d6, 0x2e300537), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0x69cab78a, 0xb0977a1e, 0xf7bd44d7, 0x7b4064a8, 0xcb629e96, 0xdff4e1e3, 0x3c0c965c, 0xba124485), SECP256K1_SCALAR_CONST(0x42e31883, 0x7b9a8dd4, 0x5bf77b8a, 0x58fdc2bc, 0x021a5140, 0xc0b68314, 0x939615b4, 0xbcdd77cf), SECP256K1_SCALAR_CONST(0x73d4fe29, 0x7664b836, 0xe6c82cb5, 0xcab80c91, 0x9a3c202a, 0xa0efc696, 0xd3cfe4c9, 0x989ec27d), SECP256K1_SCALAR_CONST(0x3c1d3409, 0xf5c9cae4, 0x46f80db8, 0xc05fe572, 0x79c5a5d5, 0xec7605c4, 0x872a7535, 0x0c73f971), SECP256K1_SCALAR_CONST(0xb3d0797a, 0x3e74c110, 0xe618459e, 0xe46b4227, 0x7a151d73, 0xeaee4093, 0x342b3afd, 0xdbce504b), SECP256K1_SCALAR_CONST(0xd1635a7c, 0x8564a7a4, 0x5118f980, 0xaa9faaf2, 0x325881c3, 0x1f94eada, 0x5fc5e0a9, 0xdc1a2387), SECP256K1_SCALAR_CONST(0xa8895017, 0xc8441304, 0xe4f34b77, 0x7b4c2660, 0x1897c412, 0xad67641d, 0xe21990f6, 0x3e4160ec)}
16 | 


--------------------------------------------------------------------------------
/jubjub-6.program:
--------------------------------------------------------------------------------
 1 | b0 = bool(#0)
 2 | b1 = bool(#0)
 3 | b2 = bool(#1)
 4 | b3 = bool(#0)
 5 | b4 = bool(#0)
 6 | b5 = bool(#0)
 7 | inner = b0 * b1
 8 | x0 = 33860316972155444993786373798026421371939187633298958089058826269505131570572 + 4226393914626074620948936004615547265604490912620318630245965505957185135143 * b0 + 37441526755211924331825564564236519453867190604113937282895033561968998282370 * b1 + 3446994320820307097032031501091944760790429817635120053161522474524483867619 * inner
 9 | y0 = (2*b2 - 1) * (60671692165106483604271687017658706228693866043851659747576035057462336816439 + 106623529194841966177978043613161462997819727543347939845701802773096694465177 * b0 + 47938224980456232503229816213054428273092270511117363623465803065343455516367 * b1 + 26554478576463918077403240924474355766273225414729945824912137490949982314478 * inner)
10 | inner = b3 * b4
11 | x1 = 54431971297229333624718753949579168895356996521621374249159580775338578475429 + 109922599987230381266865652034812824606163384270625196619141286808347466603483 * b3 + 20881437303513882536145000241140988275700410965039187707257793757735868573130 * b4 + 45711614629433279542775433538377308708179109987126099483045222567080372222169 * inner
12 | y1 = (2*b5 - 1) * (67941070270336610898300787086032880265370242167256588327808127727855653354684 + 7914610996944504619334512747300914331923604833539601302037069388032620265253 * b3 + 37484988275126684089135411772496467274419121649974161751318074268189768049590 * b4 + 58423187167962183997790956993675791196533256124157404338019371616198352161516 * inner)
13 | x = 111460313483459261196561167322319851146150245197848727020045291261966736111404
14 | y = 30417800688223880646597945931474300561251654875325094848136813623514928156008
15 | xd = x0 - x
16 | yd = y0 - y
17 | lambda = yd / xd
18 | x = lambda*lambda - 2*x0 + xd
19 | y = lambda*(x0 - x) - y0
20 | xd = x1 - x
21 | yd = y1 - y
22 | lambda = yd / xd
23 | x = lambda*lambda - 2*x1 + xd
24 | y = lambda*(x1 - x) - y1
25 | x == 17413194322430617684841870351531951261563605878275147778899722039605291926236
26 | 


--------------------------------------------------------------------------------
/jubjub-96.program:
--------------------------------------------------------------------------------
  1 | b0 = bool(#0)
  2 | b1 = bool(#0)
  3 | b2 = bool(#1)
  4 | b3 = bool(#0)
  5 | b4 = bool(#0)
  6 | b5 = bool(#0)
  7 | b6 = bool(#1)
  8 | b7 = bool(#1)
  9 | b8 = bool(#0)
 10 | b9 = bool(#0)
 11 | b10 = bool(#0)
 12 | b11 = bool(#0)
 13 | b12 = bool(#1)
 14 | b13 = bool(#0)
 15 | b14 = bool(#1)
 16 | b15 = bool(#0)
 17 | b16 = bool(#0)
 18 | b17 = bool(#0)
 19 | b18 = bool(#0)
 20 | b19 = bool(#1)
 21 | b20 = bool(#0)
 22 | b21 = bool(#1)
 23 | b22 = bool(#0)
 24 | b23 = bool(#0)
 25 | b24 = bool(#0)
 26 | b25 = bool(#0)
 27 | b26 = bool(#1)
 28 | b27 = bool(#1)
 29 | b28 = bool(#0)
 30 | b29 = bool(#1)
 31 | b30 = bool(#0)
 32 | b31 = bool(#1)
 33 | b32 = bool(#1)
 34 | b33 = bool(#0)
 35 | b34 = bool(#1)
 36 | b35 = bool(#1)
 37 | b36 = bool(#0)
 38 | b37 = bool(#1)
 39 | b38 = bool(#0)
 40 | b39 = bool(#1)
 41 | b40 = bool(#0)
 42 | b41 = bool(#1)
 43 | b42 = bool(#0)
 44 | b43 = bool(#0)
 45 | b44 = bool(#0)
 46 | b45 = bool(#0)
 47 | b46 = bool(#0)
 48 | b47 = bool(#1)
 49 | b48 = bool(#1)
 50 | b49 = bool(#0)
 51 | b50 = bool(#1)
 52 | b51 = bool(#0)
 53 | b52 = bool(#0)
 54 | b53 = bool(#0)
 55 | b54 = bool(#1)
 56 | b55 = bool(#0)
 57 | b56 = bool(#1)
 58 | b57 = bool(#1)
 59 | b58 = bool(#0)
 60 | b59 = bool(#1)
 61 | b60 = bool(#1)
 62 | b61 = bool(#1)
 63 | b62 = bool(#1)
 64 | b63 = bool(#1)
 65 | b64 = bool(#0)
 66 | b65 = bool(#1)
 67 | b66 = bool(#1)
 68 | b67 = bool(#1)
 69 | b68 = bool(#0)
 70 | b69 = bool(#1)
 71 | b70 = bool(#1)
 72 | b71 = bool(#0)
 73 | b72 = bool(#0)
 74 | b73 = bool(#0)
 75 | b74 = bool(#0)
 76 | b75 = bool(#0)
 77 | b76 = bool(#0)
 78 | b77 = bool(#1)
 79 | b78 = bool(#1)
 80 | b79 = bool(#1)
 81 | b80 = bool(#1)
 82 | b81 = bool(#0)
 83 | b82 = bool(#1)
 84 | b83 = bool(#0)
 85 | b84 = bool(#1)
 86 | b85 = bool(#1)
 87 | b86 = bool(#0)
 88 | b87 = bool(#0)
 89 | b88 = bool(#1)
 90 | b89 = bool(#0)
 91 | b90 = bool(#0)
 92 | b91 = bool(#1)
 93 | b92 = bool(#1)
 94 | b93 = bool(#0)
 95 | b94 = bool(#0)
 96 | b95 = bool(#0)
 97 | inner = b0 * b1
 98 | x0 = 33860316972155444993786373798026421371939187633298958089058826269505131570572 + 4226393914626074620948936004615547265604490912620318630245965505957185135143 * b0 + 37441526755211924331825564564236519453867190604113937282895033561968998282370 * b1 + 3446994320820307097032031501091944760790429817635120053161522474524483867619 * inner
 99 | y0 = (2*b2 - 1) * (60671692165106483604271687017658706228693866043851659747576035057462336816439 + 106623529194841966177978043613161462997819727543347939845701802773096694465177 * b0 + 47938224980456232503229816213054428273092270511117363623465803065343455516367 * b1 + 26554478576463918077403240924474355766273225414729945824912137490949982314478 * inner)
100 | inner = b3 * b4
101 | x1 = 54431971297229333624718753949579168895356996521621374249159580775338578475429 + 109922599987230381266865652034812824606163384270625196619141286808347466603483 * b3 + 20881437303513882536145000241140988275700410965039187707257793757735868573130 * b4 + 45711614629433279542775433538377308708179109987126099483045222567080372222169 * inner
102 | y1 = (2*b5 - 1) * (67941070270336610898300787086032880265370242167256588327808127727855653354684 + 7914610996944504619334512747300914331923604833539601302037069388032620265253 * b3 + 37484988275126684089135411772496467274419121649974161751318074268189768049590 * b4 + 58423187167962183997790956993675791196533256124157404338019371616198352161516 * inner)
103 | inner = b6 * b7
104 | x2 = 88930973464381297635837024470312311848883448831298461469838934561563052702686 + 67691388604549271616499668186959250400639820539227465051600028147715753701547 * b6 + 5905242161836463391747922240547459274457254646794898858995512087108916744203 * b7 + 88920389466874909325689300380323478613679953240730946873892524093955830967798 * inner
105 | y2 = (2*b8 - 1) * (54280578284730686408505881826997798704097184887771637185376274859358469690413 + 102486172936731504811956156089256114251973053935237746031773679589242932125299 * b6 + 89297066128574112542649957033071053162857631507004030297537684798336399067439 * b7 + 82864044407841968794212878273644603654837796015523818432366123748474118696330 * inner)
106 | inner = b9 * b10
107 | x3 = 65451959348736685490191104056762622567632773177268838749346319292580156737489 + 113376016858564156775591284924797246334836388724033691868505272651511287807418 * b9 + 91789743906880627141660491631704736858998154305203490500851220037915508425096 * b10 + 54168485752751298105165992994527168261297184511677113147426879056474828063084 * inner
108 | y3 = (2*b11 - 1) * (89675333398076471056554693784413522735391158043442244021562090712870883698282 + 12766819575197444644518949406591763589856820725718005604518479450789243520350 * b9 + 45853769813178221631807171325707236455821270565640117700637507476073749817738 * b10 + 84385214790007112537133629204957247489423816501707208011870621267303842560307 * inner)
109 | inner = b12 * b13
110 | x4 = 30733270695114255474179995693062501537188166769480567855484934644121838593288 + 41843445197469758275278236767424117764769812625086743074447835033803871493503 * b12 + 89149585902572769939844662396752372957201761150094821282671225123656900054558 * b13 + 68619315336272089961141851595360751363933209021459590139410170018969237768298 * inner
111 | y4 = (2*b14 - 1) * (2587274125223747214103178801499820450070701236005753042324229146418902149537 + 10057237954277581473864447071551267669291243678180559456522624232325051464377 * b12 + 111391247346570272597172485607827547702057040779135727467721921162355020166772 * b13 + 84792018272686873254709316254289887879344353220504296072281842365669454971377 * inner)
112 | inner = b15 * b16
113 | x5 = 25035820445340070943139609257460962514656075216503992514165748811238727779550 + 84866909478457437003478165133952766385543931201854117081964079622847194637681 * b15 + 82084517932670254084599541015297043303678543413049426836440087444843205986432 * b16 + 87214924702127554641980519162985324137670060047871712664904850912007490684950 * inner
114 | y5 = (2*b17 - 1) * (59913200772692539626046113072997426545581484626437040475214012295445734311982 + 14749237545714527901123651786122034274431747030914276868918523732483871892130 * b15 + 7469154284945361648578855171824106486061429836004233430725604994591296439538 * b16 + 107545671356138370851118733914219649068894671080530359032315490135273326726902 * inner)
115 | inner = b18 * b19
116 | x6 = 13311138140066761459404618988626040366085773893124788047050152787289418403258 + 44056692330460254659769027106557590085985565711458555579304150014558343778970 * b18 + 44818794418362906799299302902020134699153500980593972804900985468916403721937 * b19 + 54863958965231320701533055257334624375524760420005772506856886950605160369345 * inner
117 | y6 = (2*b20 - 1) * (102117014955705575959623858932281439646073420708517313094811946356915167766551 + 49839634457122342749632915355629936580573494269272840496775499766920171379098 * b18 + 51262614581227667539812544779762266429108431151809065393222740293161056571161 * b19 + 15292636614739455419815562454666864586634474240816653131234507817436276356298 * inner)
118 | inner = b21 * b22
119 | x7 = 95010881276639922005914917651750538742619706898460615615344699756091544425391 + 48938559988070616763194425090842982321117211216135677038263504146717892136551 * b21 + 91953774548662954821980712463525191841705092346040884266432710770123517316093 * b22 + 103392487974062033655581207793799331738979472128370164258268473184509696672758 * inner
120 | y7 = (2*b23 - 1) * (38667759103943533362758497793305683610289650765581589733666387889467420116146 + 107399426453888734345351115946706731176380113066346117568394954868287551878507 * b21 + 95026242949941224026008230366294307174206991013015052925331841530379671874539 * b22 + 65322883399688449729152653410843576368062495377690264452749360499235990230062 * inner)
121 | inner = b24 * b25
122 | x8 = 8411416142822721941124080054953714175010302856925872381699610147508766198438 + 33737938285386243634057159008334462151541152781660858512423760914244828828930 * b24 + 43011982754871383371653957285347108629901670285299813934394139742860602871256 * b25 + 65191242767433721911902130174941496083931921870412024243581391622157456621389 * inner
123 | y8 = (2*b26 - 1) * (52785340782668036407952257395228683326821511643071960112600388386371878269618 + 25158261700112138362583558697124842464011987446326739200780665145350227063672 * b24 + 33899198907057060021604368607190293541868679280853196009301965951492936263578 * b25 + 66290967881677094799955955264529305391862880877571368051210151342724748701211 * inner)
124 | inner = b27 * b28
125 | x9 = 55913207020155169205606095253145756669846378044486988973130442139082553613849 + 59427082381908107465204551039911558130347666634056696808394633609920913507413 * b27 + 88845342534360932144647894837521513735889700395860905783449989066651766135576 * b28 + 70359403842756754124751145894901642151245966665536529096062500037757039795838 * inner
126 | y9 = (2*b29 - 1) * (57503160300075095536177081165534533147841994154076489764929321930563621992299 + 89931964273136837664676729970746680320677292784060056360799406664519895898963 * b27 + 73543171356793984368503954110168399439941768090486118534861776798564339037610 * b28 + 87107792781743023065195458989251453613041890452690416056036130704080081167454 * inner)
127 | inner = b30 * b31
128 | x10 = 29633542631682911438638685612481269260951414954874072472655265408703537959243 + 66264564174622352566327481863031237859073149175702807429574311173668677418851 * b30 + 19151982247460887158132612035890227817523561420740855625766243171151164617912 * b31 + 63868340269187844240902195914781360058504440168945552958646038402598070508622 * inner
129 | y10 = (2*b32 - 1) * (28248260569463965213018670642357818131036726674139397429399646102276894673683 + 12324909917870350454550514681824222090142389330038284196527316897483638789030 * b30 + 81271730891114673685892529344015522318474567383197360182706970414511761999313 * b31 + 71249542437391727902880653667678475603629202543107560150113703944109619532892 * inner)
130 | inner = b33 * b34
131 | x11 = 73248382074389596756452911501623294446744363676965329425600813424849873613199 + 5522135253159756131756209033957923843939868356671062846852634167179547313729 * b33 + 2109877780698555824459243841279414548255977313990317688298723037321727397807 * b34 + 106350687090620468458157503160639668196923160059958770710245290092609482971950 * inner
132 | y11 = (2*b35 - 1) * (41286419974058525743110399365447243533577555978187988037687857142764758803266 + 80656033737192439024583992623941311683074519158347719255910719419885958592613 * b33 + 37464196566178059117417652747584780963369196014272738371646756209726770418300 * b34 + 84919009971409185873030965409080944761509172748948903956607528412537826523770 * inner)
133 | inner = b36 * b37
134 | x12 = 73182048111244492279108107068311889881512371965869552997440613874741424981831 + 22839855117725518878945858082171032430723972081554950574511011667480142035005 * b36 + 25944898768907996218531920835219810338336233848977076917463700389911471697744 * b37 + 26862809867744141147009828134225496901691584377744947342099480443235790400157 * inner
135 | y12 = (2*b38 - 1) * (16777435456203204476947363279182218202961872177784856782798630205919199257489 + 58839346237032636507463735002191955228714795572434184243252616112522881266327 * b36 + 68923008469557330978870509047827647175110739094207743142293225507600648590029 * b37 + 102997539866921324710840442771237639851469896243757883102696230839656386703591 * inner)
136 | inner = b39 * b40
137 | x13 = 50588272554553998349004858197229717476591421199029779377624450686259922575241 + 65486930156978283074073591673493531895542332262229004173805862059369930483920 * b39 + 60209403506320401736614926335275960845703396008099196200952283371697255436890 * b40 + 77343639726190153146082619210509597523639526262875348892651906340990352302837 * inner
138 | y13 = (2*b41 - 1) * (90874025597000825453098621715884930544101648858864139944609546503670927633903 + 58281307168710408509356464339579482597911598264898551290165795608794541925556 * b39 + 99632891165444325965527631902139052767347664716955264168401635700977029290742 * b40 + 38194620733828167346301413021732938950089338282111241906816535447479029620921 * inner)
139 | inner = b42 * b43
140 | x14 = 57727844442944156664156605086562232407938222860528160658199003480860034630156 + 12213209531623351366670034594012575904625764567442449017253330369388523358001 * b42 + 22372524779805939232055558051753551613650658134878325454350291133451722018221 * b43 + 99977399144312533969768302355379497883517768531363017881078986365285743746208 * inner
141 | y14 = (2*b44 - 1) * (83947856516154291400692444563907935091584459986177373065759193478680318722596 + 96179987096613403306163541872872169032600523409197678016691509032685363420327 * b42 + 21833664423677635331464780738166894244039230859467230712160791905317370217472 * b43 + 99152339212633073233321523331267614844350910881159491333685082085140770023617 * inner)
142 | inner = b45 * b46
143 | x15 = 58815831005196528922101427851975230856703679571886734031851459550552259455674 + 85721002540876642867391688164378624626487107751052899821262526105511277776844 * b45 + 70148578850355851736688603374936359726118031005549938686381520730156977318763 * b46 + 84299373225570069503096249981453879549622902045293941546559381933874592702934 * inner
144 | y15 = (2*b47 - 1) * (76326173816207987674646286624417300708336205060235485783064932486035151927577 + 42848443996580329491058427979815000509292007564519776205362975751930533609186 * b45 + 28623840864945300745895485974997472339951713511216910247880782167519604724300 * b46 + 106888074020922405060093763553252383830503443189574767853206734646160215901642 * inner)
145 | inner = b48 * b49
146 | x16 = 12237021982639180841854684890298374008966580340747689713952570044991847201641 + 58043305046217383593331413611928253751129617547504361210361177789848915364652 * b48 + 26374960802373441771771279770251235664886404872120991172157992712545896575803 * b49 + 102358088170538213984227585978995006478188709215801250923486602691233403375118 * inner
147 | y16 = (2*b50 - 1) * (2256857940421981929210649079861841823217966744700471188926395299257357250852 + 60590907607870835857844644330741593952645483874180734126416305729409014341877 * b48 + 96647460040158613319072073729144628505688057858873083432079580609477533858357 * b49 + 20159541063360978381608719394307347085105022303799601390001197906398091505137 * inner)
148 | inner = b51 * b52
149 | x17 = 66603265117643350709296570731947774209342700787994872357410227400027041276372 + 11734794441511979394257058216277406685202675287523103451501638599511400258488 * b51 + 80604806827204173372008992065640421096347512791347546962182704613292979725920 * b52 + 95509980439731011908847741658681637766267488835946676779725275498175984507579 * inner
150 | y17 = (2*b53 - 1) * (16351909518624476650403010162298020643942598406508053924342517975913929130730 + 63061223164706743599503077153185874360835463169391480329271912318929686995266 * b51 + 99287353405141289725961315674399862722697029767546728154592848765437028002295 * b52 + 64043703131189447665807080599122748452382614130873538040441926082175035415121 * inner)
151 | inner = b54 * b55
152 | x18 = 56824028297556777804233574956978540383345692463569545624543886570511641635489 + 110952488617357988586919138028563003357124909743880192761573529894142178927065 * b54 + 82526692090208549496220640383095001640825923693851446076044714120207087354015 * b55 + 24821862528250540948067990491498391918951810589745700374403302372890349709392 * inner
153 | y18 = (2*b56 - 1) * (60853310437605936753758696520398202526983600089583446017614538463610607187633 + 97824483228999796420221715878901594641475058690773414166975644157410665178361 * b54 + 8329295830285690202052568423215975516388157296520298792467423041812595336244 * b55 + 65488259852644497318567812884779550134753273579059563246870624282074405828160 * inner)
154 | inner = b57 * b58
155 | x19 = 8359866502871307716728216154245762591522402442982190565112805583705608271137 + 41067310705704260716943012637223100319609286677182100884748248053300803274631 * b57 + 8601645090383692466645300245986674989745782280605019512197560951126220241031 * b58 + 6068400579527580628715000132889579594744637038425547238657401727873181510038 * inner
156 | y19 = (2*b59 - 1) * (110154338951222157866408858752386086927249523174570547955915144905392700032602 + 96896940625686845945196561948837695223855482072749104443520915941147655040723 * b57 + 1618148355907442374905603643987122956493390398107748743046509959689876394112 * b58 + 100712122143155296520720649486248978550906947685673055998149230875061090524426 * inner)
157 | inner = b60 * b61
158 | x20 = 37287171075822244213569076204437593470230771088686989616463419667049465052225 + 86059931446864270411562833510952319662672652148401531873124521411313051197297 * b60 + 66820497254966682574009414615136507631903405507474484767648132975390479203833 * b61 + 75604440239310923947583859695423904035042358834907536153090813848498124985533 * inner
159 | y20 = (2*b62 - 1) * (70520995619489162795097764728270449090739518275229869570648015267487619905848 + 56812385211784391241111817861728969595288891994028410841816240905442233765076 * b60 + 78961234671486903519834018376983149815421374929456065327842608272864475083037 * b61 + 67101905276187145319793929027635209318151767552866232752491351741062479875440 * inner)
160 | inner = b63 * b64
161 | x21 = 92052609322910358004278259661558449559961786539854852837116363820422053872321 + 7463958927200229768242436217014281137955085234891030657326467765368760305351 * b63 + 57902654133107036991725878371584542019822208106632718272379801067460673326754 * b64 + 87089336172143096526920794436217950306424448208797418763390634447582016746614 * inner
162 | y21 = (2*b65 - 1) * (63875028040890532234206641476644951560545418856602112667530615132328637786708 + 74573097149450953379116014654558785223691366567829285822605327971597594359120 * b63 + 81253797022240921882025986317081649415559178897718510823904405595427379765413 * b64 + 70815895107453354315192737700702151937590047637594551739261531933822105317041 * inner)
163 | inner = b66 * b67
164 | x22 = 75500503887445573436574808261440124798638489108899351652789661495934561415891 + 103590463289021820789181030352265813822782716611695633714288758874208988917559 * b66 + 35443138471333497758084378078212854361183213296063722640583318872233603525741 * b67 + 103714089231891347924479485981918797096976314712126191350774230854780580407702 * inner
165 | y22 = (2*b68 - 1) * (86849434719933341431325866698220176908366513865113240138529673682486711033121 + 99275594555127292503722078063272315621731871009688471590441574419084032641454 * b66 + 110170994948085977787214478425627169107972122005824849282664715930199076179556 * b67 + 19869205087412985965752200540600804246108448872599294249063457207813684106002 * inner)
166 | inner = b69 * b70
167 | x23 = 113204353759995284784430340380090539747378955079938037943439920359955718500524 + 30817934087081450199938391439236407609091339652282739157053787775103247529331 * b69 + 77031554832317016983585085432696667670959517895946986966190355037167565094765 * b70 + 102986678259989634382821741231551063965576796805556513814511748562198638744381 * inner
168 | y23 = (2*b71 - 1) * (65094110591526636586504395240718126999817779916845898158455933926603139055075 + 90904427973278528046785495648255588199565075600628821571269418124393782910778 * b69 + 20975563672245634772652395433490064591353055529229888757921035730329253653598 * b70 + 100166902518119024491264094313547378282771221008775582969793622904686597006264 * inner)
169 | inner = b72 * b73
170 | x24 = 819670498725456554112562588754253705830087505248311481996166776137683644181 + 35283950506071476396423746509725475413800496392658283195838630665892679200306 * b72 + 34384663129441002707499166135539033121624833124650270646541668548690870382554 * b73 + 7527399733712966693284548651184879618074865760004671494002653440074177087509 * inner
171 | y24 = (2*b74 - 1) * (106106696234261057519684427231031718666217390975338322877766829879287870378473 + 69251685544355784419248908316140957332534829919006959133038919745806269842398 * b72 + 66995697166685670095238124667551658015443349879164046015620407247515778833568 * b73 + 109677797095127090911845578556441421844670281432436497523307992425684461938490 * inner)
172 | inner = b75 * b76
173 | x25 = 82093278653300484835424244236389703932153114583183783819308589719242035919158 + 26466271905950822119863871243747661564497722079607224526845753409410796761554 * b75 + 74181208227381804950661335324163105136575557180795203850912444348851827205484 * b76 + 11708459083500298161783264487406468433968142783229645960683265004479121932452 * inner
174 | y25 = (2*b77 - 1) * (59649796510603955478858302134201615832583226958301001645980921795461748024717 + 80426024508587160477938809918338864515174073229852681539525124207557053086215 * b75 + 51163052337776103418875282364188993810912462623956430237861793419732194923542 * b76 + 6473160374871071214307637786521541533983320114860439884214014926479550267048 * inner)
175 | inner = b78 * b79
176 | x26 = 93317146977034538816679938256202855059139935654063743224411211947712467239113 + 77481247380239134944036813419356974808843212591123536708184150419626167541458 * b78 + 46959511906069386804422049661995651814048809144182976433924020567542708261643 * b79 + 49228774653703476080177684303233968042278562488855900655182337056986240321066 * inner
177 | y26 = (2*b80 - 1) * (97920255547462007488478173892796513533459709638080276039356563523593324282555 + 35319063188642142806624688255832409425743286485547251561383173930053590210817 * b78 + 54475024020355196497136247202939057544108875748500149650137881516204199269083 * b79 + 103815789500224300450268094517213491061433618061452675293402896916919022009111 * inner)
178 | inner = b81 * b82
179 | x27 = 76460648203778005980970586806220805370091498900169392227999588435840881599864 + 93822012378400213736388573435534903985013213290396124135861872209282660511240 * b81 + 3671892689548123753582266626618078509520149103068875119939022146046783382798 * b82 + 3256584210891479938442124044747851942230589896920990735170835890203566439189 * inner
180 | y27 = (2*b83 - 1) * (65848209820894434303755686302378543768394481761358784680476119288309164221669 + 80541552340220915530631336245465493888290816891186171409747345434292701252711 * b81 + 106656416944763813516559775741704422577562294833875960255888758479101444170654 * b82 + 91029414804221924727713120349758355860795622265610861693883255862613194233637 * inner)
181 | inner = b84 * b85
182 | x28 = 105285567640439227525766996746803069373293855148223941823151696657025145098361 + 64417063655136724926017637092636715201710979209986694941999437811581431931481 * b84 + 53732696674767352086201593042983321694325727390422611230649098249808623723172 * b85 + 73901245828176319063592276728523868059189305926432855364272709254203061593107 * inner
183 | y28 = (2*b86 - 1) * (75575707347216773461746955738914903470636117020328119917864329471484966831563 + 80029778249800507136391190994137280123305641344152837075695145764448627475513 * b84 + 10804841045732828531382320510121818732321866813171756291714597153345628883659 * b85 + 25967494399461557273238856921252239580540746613066505891911647578489365215163 * inner)
184 | inner = b87 * b88
185 | x29 = 57748148607103520875345230372566869390288332192359485016834155177911020237260 + 77773448685005414655626556513338970992017264425900963392724233004915120238993 * b87 + 18847555747165493508741619153709981275277773518330985014247630304682791583314 * b88 + 23764597397255149832530022401740840894148071415477554617805387433444925226202 * inner
186 | y29 = (2*b89 - 1) * (92993941910695366629046487282642134385343171741782044869246096402242727960215 + 8351638178645459997409271560885827840146364816304394633673621426276253695730 * b87 + 19631111971654327133842432024810842643062998576782468406583984140686401460128 * b88 + 97016602767268434815735483564854760677733262259578373146729908205381524459304 * inner)
187 | inner = b90 * b91
188 | x30 = 115014892427297465363145553985518283542829877579979522503366995402926389315933 + 59030630864184543959001569794247737174774290077644691506120908528593215914039 * b90 + 52532755510654189538115480396987998384952626128830699693342251995372759788839 * b91 + 62339063845645444776262210008051612997815446619717202727711962293400568272543 * inner
189 | y30 = (2*b92 - 1) * (25959156617872119272551294645911557729188406226594131128012408717847432972539 + 33576230181298812077510381218621973343325522061789963517267246561272185415371 * b90 + 13787187070592742063025114167910675315623308232361500846357339811350822732724 * b91 + 110257429281630525208169516704072962257690515920779064291480589770671909280016 * inner)
190 | inner = b93 * b94
191 | x31 = 42529372156416565174016740688551634802805600689426030963088563816643069531500 + 63562432453065367981891369672445732521261185255626438449104564702062183865881 * b93 + 111701791699587389723920764174185142500237491784919169230193147504761848113921 * b94 + 76478667734985052599201660823917358607795064027165245244649528032000616851840 * inner
192 | y31 = (2*b95 - 1) * (84005935610929373283805580190469180016605069999905896626248533828783693231818 + 58210439882862773306950913144274238331288816692586756657348274726756746332506 * b93 + 74782244543259546156367355447307160696842520630553859952100378075759981854248 * b94 + 110329060384797752559238542570631953612942568831817245802428122092341129449088 * inner)
193 | x = 38139219804258785393222903875106799227261520761320433899514786570887530582681
194 | y = 80898821732379072066269103706781960231278130589836359077260966665518451413329
195 | xd = x0 - x
196 | yd = y0 - y
197 | lambda = yd / xd
198 | x = lambda*lambda - 2*x0 + xd
199 | y = lambda*(x0 - x) - y0
200 | xd = x1 - x
201 | yd = y1 - y
202 | lambda = yd / xd
203 | x = lambda*lambda - 2*x1 + xd
204 | y = lambda*(x1 - x) - y1
205 | xd = x2 - x
206 | yd = y2 - y
207 | lambda = yd / xd
208 | x = lambda*lambda - 2*x2 + xd
209 | y = lambda*(x2 - x) - y2
210 | xd = x3 - x
211 | yd = y3 - y
212 | lambda = yd / xd
213 | x = lambda*lambda - 2*x3 + xd
214 | y = lambda*(x3 - x) - y3
215 | xd = x4 - x
216 | yd = y4 - y
217 | lambda = yd / xd
218 | x = lambda*lambda - 2*x4 + xd
219 | y = lambda*(x4 - x) - y4
220 | xd = x5 - x
221 | yd = y5 - y
222 | lambda = yd / xd
223 | x = lambda*lambda - 2*x5 + xd
224 | y = lambda*(x5 - x) - y5
225 | xd = x6 - x
226 | yd = y6 - y
227 | lambda = yd / xd
228 | x = lambda*lambda - 2*x6 + xd
229 | y = lambda*(x6 - x) - y6
230 | xd = x7 - x
231 | yd = y7 - y
232 | lambda = yd / xd
233 | x = lambda*lambda - 2*x7 + xd
234 | y = lambda*(x7 - x) - y7
235 | xd = x8 - x
236 | yd = y8 - y
237 | lambda = yd / xd
238 | x = lambda*lambda - 2*x8 + xd
239 | y = lambda*(x8 - x) - y8
240 | xd = x9 - x
241 | yd = y9 - y
242 | lambda = yd / xd
243 | x = lambda*lambda - 2*x9 + xd
244 | y = lambda*(x9 - x) - y9
245 | xd = x10 - x
246 | yd = y10 - y
247 | lambda = yd / xd
248 | x = lambda*lambda - 2*x10 + xd
249 | y = lambda*(x10 - x) - y10
250 | xd = x11 - x
251 | yd = y11 - y
252 | lambda = yd / xd
253 | x = lambda*lambda - 2*x11 + xd
254 | y = lambda*(x11 - x) - y11
255 | xd = x12 - x
256 | yd = y12 - y
257 | lambda = yd / xd
258 | x = lambda*lambda - 2*x12 + xd
259 | y = lambda*(x12 - x) - y12
260 | xd = x13 - x
261 | yd = y13 - y
262 | lambda = yd / xd
263 | x = lambda*lambda - 2*x13 + xd
264 | y = lambda*(x13 - x) - y13
265 | xd = x14 - x
266 | yd = y14 - y
267 | lambda = yd / xd
268 | x = lambda*lambda - 2*x14 + xd
269 | y = lambda*(x14 - x) - y14
270 | xd = x15 - x
271 | yd = y15 - y
272 | lambda = yd / xd
273 | x = lambda*lambda - 2*x15 + xd
274 | y = lambda*(x15 - x) - y15
275 | xd = x16 - x
276 | yd = y16 - y
277 | lambda = yd / xd
278 | x = lambda*lambda - 2*x16 + xd
279 | y = lambda*(x16 - x) - y16
280 | xd = x17 - x
281 | yd = y17 - y
282 | lambda = yd / xd
283 | x = lambda*lambda - 2*x17 + xd
284 | y = lambda*(x17 - x) - y17
285 | xd = x18 - x
286 | yd = y18 - y
287 | lambda = yd / xd
288 | x = lambda*lambda - 2*x18 + xd
289 | y = lambda*(x18 - x) - y18
290 | xd = x19 - x
291 | yd = y19 - y
292 | lambda = yd / xd
293 | x = lambda*lambda - 2*x19 + xd
294 | y = lambda*(x19 - x) - y19
295 | xd = x20 - x
296 | yd = y20 - y
297 | lambda = yd / xd
298 | x = lambda*lambda - 2*x20 + xd
299 | y = lambda*(x20 - x) - y20
300 | xd = x21 - x
301 | yd = y21 - y
302 | lambda = yd / xd
303 | x = lambda*lambda - 2*x21 + xd
304 | y = lambda*(x21 - x) - y21
305 | xd = x22 - x
306 | yd = y22 - y
307 | lambda = yd / xd
308 | x = lambda*lambda - 2*x22 + xd
309 | y = lambda*(x22 - x) - y22
310 | xd = x23 - x
311 | yd = y23 - y
312 | lambda = yd / xd
313 | x = lambda*lambda - 2*x23 + xd
314 | y = lambda*(x23 - x) - y23
315 | xd = x24 - x
316 | yd = y24 - y
317 | lambda = yd / xd
318 | x = lambda*lambda - 2*x24 + xd
319 | y = lambda*(x24 - x) - y24
320 | xd = x25 - x
321 | yd = y25 - y
322 | lambda = yd / xd
323 | x = lambda*lambda - 2*x25 + xd
324 | y = lambda*(x25 - x) - y25
325 | xd = x26 - x
326 | yd = y26 - y
327 | lambda = yd / xd
328 | x = lambda*lambda - 2*x26 + xd
329 | y = lambda*(x26 - x) - y26
330 | xd = x27 - x
331 | yd = y27 - y
332 | lambda = yd / xd
333 | x = lambda*lambda - 2*x27 + xd
334 | y = lambda*(x27 - x) - y27
335 | xd = x28 - x
336 | yd = y28 - y
337 | lambda = yd / xd
338 | x = lambda*lambda - 2*x28 + xd
339 | y = lambda*(x28 - x) - y28
340 | xd = x29 - x
341 | yd = y29 - y
342 | lambda = yd / xd
343 | x = lambda*lambda - 2*x29 + xd
344 | y = lambda*(x29 - x) - y29
345 | xd = x30 - x
346 | yd = y30 - y
347 | lambda = yd / xd
348 | x = lambda*lambda - 2*x30 + xd
349 | y = lambda*(x30 - x) - y30
350 | xd = x31 - x
351 | yd = y31 - y
352 | lambda = yd / xd
353 | x = lambda*lambda - 2*x31 + xd
354 | y = lambda*(x31 - x) - y31
355 | x == 84747209671529873847980189480931821728676133408892503733464016550518449971919
356 | 


--------------------------------------------------------------------------------
/jubjub.sage:
--------------------------------------------------------------------------------
  1 | import hashlib
  2 | import random
  3 | 
  4 | p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
  5 | F = GF(p)
  6 | E = EllipticCurve(F, [0, 7])
  7 | n = E.order()
  8 | S = GF(n)
  9 | half = 1 / S(2)
 10 | 
 11 | levels = 1
 12 | if len(sys.argv) > 1:
 13 |     levels = int(sys.argv[1])
 14 | 
 15 | def sha256(m):
 16 |     h = hashlib.sha256()
 17 |     h.update(m)
 18 |     return int(h.digest().encode('hex'), 16)
 19 | 
 20 | def hash_to_point(m):
 21 |     for i in range(256):
 22 |         x = sha256(bytes([i]) + m)
 23 |         x = F(x)
 24 |         try:
 25 |             p = E.lift_x(x)
 26 |         except:
 27 |             continue
 28 |         if p[1].is_square():
 29 |             return p
 30 |         else:
 31 |             return -p
 32 | 
 33 | G = [hash_to_point(bytes([0,0]))]
 34 | B = [hash_to_point(bytes([0,0]))]
 35 | for i in range(510):
 36 |     G.append(hash_to_point(bytes([i % 256, i // 256])))
 37 |     H = G[-1] * int(half)
 38 |     assert(H + H == G[-1])
 39 |     B[0] += H
 40 |     B.append(H)
 41 | 
 42 | def native_hash(m):
 43 |     T = G[0]
 44 |     for i in range(2):
 45 |         for j in range(85):
 46 |             bitval = (m[i] >> (j * 3)) & 7
 47 |             (b0, b1, b2) = (bitval & 1, (bitval >> 1) & 1, (bitval >> 2) & 1)
 48 |             if b2 == 1:
 49 |                 b0 = 1 - b0
 50 |                 b1 = 1 - b1
 51 |             if b0 == 1: T += G[i * 255 + j * 3 + 1]
 52 |             if b1 == 1: T += G[i * 255 + j * 3 + 2]
 53 |             if b2 == 1: T += G[i * 255 + j * 3 + 3]
 54 |     return T[0]
 55 | 
 56 | base = sha256("base")
 57 | root = base
 58 | branch = []
 59 | directions = []
 60 | 
 61 | for i in range(levels):
 62 |     branchval = sha256("level %i" % i)
 63 |     dirval = sha256("direction %i" % i) & 1
 64 |     branch.append(branchval)
 65 |     directions.append(dirval)
 66 |     if dirval == 0:
 67 |         root = int(native_hash([root, branchval]))
 68 |     else:
 69 |         root = int(native_hash([branchval, root]))
 70 | 
 71 | def emit_step(level):
 72 |     print("dir = bool(#%i)" % directions[level])
 73 |     print("branch = #%i" % branch[level])
 74 |     print("diff = dir * (branch - root)")
 75 |     print("left = root + diff")
 76 |     print("right = branch - diff")
 77 |     print("%s,leftdrop := left" % (",".join(["b%i" % i for i in range(255)])))
 78 |     print("%s,rightdrop := right" % (",".join(["b%i" % i for i in range(255,510)])))
 79 |     print("x = %i" % B[0][0])
 80 |     print("y = %i" % B[0][1])
 81 |     for round in range(170):
 82 |         P0 = B[1 + 3*round]
 83 |         P1 = B[2 + 3*round]
 84 |         P2 = B[3 + 3*round]
 85 |         R = [P0+P1+P2, -P0+P1+P2, P0-P1+P2, -P0-P1+P2]
 86 |         print("inner = b%i * b%i" % (3 * round, 3 * round + 1))
 87 |         print("x%i = %i + %i * b%i + %i * b%i + %i * inner" % (round, R[0][0], R[1][0] - R[0][0], 3 * round, R[2][0] - R[0][0], 3 * round + 1, R[0][0] - R[1][0] - R[2][0] + R[3][0]))
 88 |         print("y%i = (2*b%i - 1) * (%i + %i * b%i + %i * b%i + %i * inner)" % (round, 3 * round + 2, R[0][1], R[1][1] - R[0][1], 3 * round, R[2][1] - R[0][1], 3 * round + 1, R[0][1] - R[1][1] - R[2][1] + R[3][1]))
 89 |         print("xd = x%i - x" % round)
 90 |         print("yd = y%i - y" % round)
 91 |         print("lambda = yd / xd")
 92 |         if round < 169:
 93 |             print("x = lambda*lambda - 2*x%i + xd" % round)
 94 |             print("y = lambda*(x%i - x) - y%i" % (round, round))
 95 |         else:
 96 |             print("root = lambda*lambda - 2*x%i + xd" % round)
 97 | 
 98 | print("root = %i" % base)
 99 | for i in range(levels):
100 |     emit_step(i)
101 | print("root == %i" % root)
102 | 


--------------------------------------------------------------------------------
/pinocchio.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python3
 2 | 
 3 | import re
 4 | import sys
 5 | 
 6 | OUTPUT = re.compile("output ([0-9]+)")
 7 | CMD = re.compile("([a-z0-9-]+) in ([0-9]+) <([0-9 ]+)> out ([0-9]+) <([0-9 ]+)>")
 8 | MUL_CONST = re.compile("const-mul-([0-9a-f]+)")
 9 | MUL_NEG_CONST = re.compile("const-mul-neg-([0-9a-f]+)")
10 | 
11 | for line in sys.stdin:
12 |     line = line.strip()
13 |     sp = OUTPUT.fullmatch(line)
14 |     if sp:
15 |         print("debug v%i" % int(sp.group(1)))
16 |         continue
17 |     sp = CMD.fullmatch(line)
18 |     if not sp:
19 |         raise Exception("Unknown line: %s" % line)
20 |     cmd = sp.group(1)
21 |     num_in = int(sp.group(2))
22 |     ins = [int(x) for x in sp.group(3).split(" ")]
23 |     assert(len(ins) == num_in)
24 |     num_out = int(sp.group(4))
25 |     outs = [int(x) for x in sp.group(5).split(" ")]
26 |     assert(len(outs) == num_out)
27 |     if cmd == 'split':
28 |         assert(len(ins) == 1)
29 |         print("%s := v%i" % (",".join("v%i" % i for i in outs), ins[0]))
30 |         continue
31 |     if cmd == 'pack':
32 |         assert(len(outs) == 1)
33 |         print("v%i =: %s" % (outs[0], ",".join("v%i" % i for i in ins)))
34 |         continue
35 |     if cmd == 'xor':
36 |         assert(len(ins) == 2)
37 |         assert(len(outs) == 1)
38 |         print("v%i = v%i ^ v%i" % (outs[0], ins[0], ins[1]))
39 |         continue
40 |     if cmd == 'add':
41 |         assert(len(ins) == 2)
42 |         assert(len(outs) == 1)
43 |         print("v%i = v%i + v%i" % (outs[0], ins[0], ins[1]))
44 |         continue
45 |     if cmd == 'mul':
46 |         assert(len(ins) == 2)
47 |         assert(len(outs) == 1)
48 |         print("v%i = v%i * v%i" % (outs[0], ins[0], ins[1]))
49 |         continue
50 |     else:
51 |         sp = MUL_CONST.fullmatch(cmd)
52 |         if sp:
53 |             assert(len(ins) == 1)
54 |             assert(len(outs) == 1)
55 |             print("v%i = v%i * %i" % (outs[0], ins[0], int(sp.group(1), 16)))
56 |             continue
57 |         sp = MUL_NEG_CONST.fullmatch(cmd)
58 |         if sp:
59 |             assert(len(ins) == 1)
60 |             assert(len(outs) == 1)
61 |             print("v%i = v%i * (-%i)" % (outs[0], ins[0], int(sp.group(1), 16)))
62 |             continue
63 |     raise Exception("Unknown command: %s" % cmd)
64 | 


--------------------------------------------------------------------------------